Windows Analysis Report
ahmbf.ps1

Overview

General Information

Sample name:ahmbf.ps1
Analysis ID:1559592
MD5:41aaa0283372e0a4c4e9231f766f68f3
SHA1:65b5d719a4e8802b3ad44e02b7531a796e657050
SHA256:6c8d9120fb409fe443c79fcda2a76303dd3dfd93b2608f5d8274b7e20f88569a
Infos:

Detection

Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Injects a PE file into a foreign processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Suspicious execution chain found
Uses dynamic DNS services
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • powershell.exe (PID: 7548 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 7752 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
  • 00000002.00000002.4166334815.00000000056C0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
  • 00000002.00000002.4161705360.0000000003FFC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
  • 00000002.00000002.4156977457.0000000002E51000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
  • Process Memory Space: powershell.exe PID: 7548 | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen | Strings:
        • 0x3fa4f:$b2: ::FromBase64String(
        • 0x1a2c50:$b2: ::FromBase64String(
        • 0x411644:$b2: ::FromBase64String(
        • 0x414930:$b2: ::FromBase64String(
        • 0x1994c2:$s1: -join
        • 0x19e33d:$s1: -join
        • 0x14a3:$s3: reverse
        • 0x1791:$s3: reverse
        • 0x1eab:$s3: reverse
        • 0x2664:$s3: reverse
        • 0x974f:$s3: reverse
        • 0x9b69:$s3: reverse
        • 0xa6f1:$s3: reverse
        • 0xb39e:$s3: reverse
        • 0xa54da:$s3: reverse
        • 0xb0d18:$s3: reverse
        • 0x3ad1ec:$s3: Reverse
        • 0x3afafe:$s3: Reverse
        • 0x3b883c:$s3: Reverse
        • 0x3d393c:$s3: reverse
        • 0x3dd829:$s3: reverse
  • Process Memory Space: RegAsm.exe PID: 7752 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security

Source | Rule | Description | Author | Strings
  • 2.2.RegAsm.exe.56c0000.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
  • 2.2.RegAsm.exe.408b788.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
  • 0.2.powershell.exe.1c1933383d8.1.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security

                System Summary

                Source: Process started, Author: frack113, Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1", ProcessId: 7548, ProcessName: powershell.exe
                Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1", ProcessId: 7548, ProcessName: powershell.exe
                No Suricata rule has matched

                AV Detection

                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
                Source: unknown, HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.4:49730 version: TLS 1.2
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: Bclupty.pdb source: RegAsm.exe, 00000002.00000002.4165136202.0000000005520000.00000004.08000000.00040000.00000000.sdmp
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

                Software Vulnerabilities

                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Child: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

                Networking

                Source: unknown, DNS query: name: pastebin.com
                Source: unknown, DNS query: name: xweb.ddns.net
                Source: Yara match, File source: 0.2.powershell.exe.1c1933383d8.1.raw.unpack, type: UNPACKEDPE
                Source: global traffic, TCP traffic: 192.168.2.4:49731 -> 31.13.224.69:7211
                Source: global traffic, HTTP traffic detected: GET /raw/GF0ptUGb HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
                Source: Joe Sandbox View, IP Address: 172.67.19.24
                Source: Joe Sandbox View, ASN Name: SARNICA-ASBG
                Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic, DNS traffic detected: DNS query: pastebin.com
                Source: global traffic, DNS traffic detected: DNS query: xweb.ddns.net
                Source: powershell.exe, 00000000.00000002.1739713631.000001C1934BC000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://pastebin.com
                Source: powershell.exe, 00000000.00000002.1739713631.000001C193071000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4156977457.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4156977457.00000000030F0000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000000.00000002.1739713631.000001C193071000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://aka.ms/pscore68
                Source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: powershell.exe, 00000000.00000002.1739713631.000001C1932A2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://pastebin.com
                Source: powershell.exe, 00000000.00000002.1739713631.000001C1932A2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://pastebin.com/raw/GF0ptUGb
                Source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: RegAsm.exe, 00000002.00000002.4156977457.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknown, HTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.4:49730 version: TLS 1.2

                System Summary

                Source: Process Memory Space: powershell.exe PID: 7548, type: MEMORYSTR, Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution, Author: ditekSHen
                Source: 0.2.powershell.exe.1c1a362e3e0.2.raw.unpack, Token.cs, Large array initialization: GetRef: array initializer size 585920
                Source: Process Memory Space: powershell.exe PID: 7548, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: 0.2.powershell.exe.1c1a362e3e0.2.raw.unpack, MethodOrderException.cs, Cryptographic APIs: 'CreateDecryptor'
                Source: 0.2.powershell.exe.1c1a362e3e0.2.raw.unpack, Token.cs, Cryptographic APIs: 'CreateDecryptor'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, NuZmITLFqQu1WuWA3dj.cs, Cryptographic APIs: 'CreateDecryptor'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, HE3r3mLvex6HsnUNTTu.cs, Cryptographic APIs: 'CreateDecryptor'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, zyVVkIvwMWMEFUVZ5tB.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, NmZmeuMLAX3WYGPinR.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, NmZmeuMLAX3WYGPinR.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, oIWxokvQhGHS8muoQ3v.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine, Classification label: mal96.troj.expl.evad.winPS1@4/5@5/2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Mutant created: \Sessions\1\BaseNamedObjects\P@55w0rd!
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xa2kn2jv.ef2.ps1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File read: C:\Users\desktop.ini
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                Source: unknown, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, uxtheme.dll, windows.storage.dll, wldp.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, propsys.dll, profapi.dll, linkinfo.dll, ntshrui.dll, sspicli.dll, srvcli.dll, cscapi.dll, policymanager.dll, msvcp110_win.dll, taskflowdataengine.dll, wintypes.dll, cdp.dll, umpdc.dll, dsreg.dll, cryptsp.dll, onecorecommonproxystub.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, rsaenh.dll, cryptbase.dll, amsi.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, urlmon.dll, iertutil.dll, netutils.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, apphelp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Section loaded: mscoree.dll, apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, wbemcomn.dll, sspicli.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: ahmbf.ps1 Static file information: File size 1916592 > 1048576
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: Bclupty.pdb source: RegAsm.exe, 00000002.00000002.4165136202.0000000005520000.00000004.08000000.00040000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.powershell.exe.1c1a362e3e0.2.raw.unpack, MethodOrderException.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, NuZmITLFqQu1WuWA3dj.cs.Net Code: Type.GetTypeFromHandle(Wex5GZY6TWNikhqTK5m.FqVwCfyODE(16777307)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(Wex5GZY6TWNikhqTK5m.FqVwCfyODE(16777250)),Type.GetTypeFromHandle(Wex5GZY6TWNikhqTK5m.FqVwCfyODE(16777305))})
                Source: 0.2.powershell.exe.1c1ab3d0000.3.raw.unpack, -.cs.Net Code: _FDD0 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.powershell.exe.1c193d6b478.0.raw.unpack, -.cs.Net Code: _FDD0 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.powershell.exe.1c1933383d8.1.raw.unpack, -.cs.Net Code: _FDD0 System.Reflection.Assembly.Load(byte[])
                Source: 2.2.RegAsm.exe.55f0000.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                Source: 2.2.RegAsm.exe.55f0000.3.raw.unpack, ListDecorator.cs.Net Code: Read
                Source: 2.2.RegAsm.exe.55f0000.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                Source: 2.2.RegAsm.exe.55f0000.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                Source: 2.2.RegAsm.exe.55f0000.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                Source: Yara matchFile source: 2.2.RegAsm.exe.56c0000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.RegAsm.exe.408b788.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.4166334815.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.4161705360.0000000003FFC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.4156977457.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7752, type: MEMORYSTR
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FFD9BAA338C push ss; retf 0_2_00007FFD9BAA33AA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C953B push eax; ret 2_2_053C9543
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C4541 push eax; ret 2_2_053C454E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C45F4 push eax; ret 2_2_053C45FC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C7C30 push eax; ret 2_2_053C7C41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C6C28 push eax; ret 2_2_053C6C29
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C3C1C push eax; ret 2_2_053C3C24
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C5C1D push eax; ret 2_2_053C5C25
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C445F push eax; ret 2_2_053C4467
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C64B9 push eax; ret 2_2_053C64C1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C74A5 push eax; ret 2_2_053C74AD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C5C91 push eax; ret 2_2_053C5C99
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C8C83 push eax; ret 2_2_053C8C8B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C44CD push eax; ret 2_2_053C44D5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C7CC2 push eax; ret 2_2_053C7CCE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C777D push eax; ret 2_2_053C7785
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C8740 push eax; ret 2_2_053C8748
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C8FF9 push eax; ret 2_2_053C9005
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C563E push eax; ret 2_2_053C5646
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C8628 push eax; ret 2_2_053C8629
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C660F push eax; ret 2_2_053C6617
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C5ED4 push eax; ret 2_2_053C5EDC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C46C9 push eax; ret 2_2_053C46D1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C86C6 push eax; ret 2_2_053C86CE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C9123 push eax; ret 2_2_053C912B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C5101 push eax; ret 2_2_053C511F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C6949 push eax; ret 2_2_053C6956
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C41AE push eax; ret 2_2_053C41B6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C51AA push eax; ret 2_2_053C51B2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C819B push eax; ret 2_2_053C81A3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_053C5033 push eax; ret 2_2_053C503B
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, G9lxg8Y0ssxgIGYjpaq.csHigh entropy of concatenated method names: 'Ids3iNqSKU', 'ryv33xTCFd', 'k3S32oSQdq', 'gbJ3P2TrLq', 'YEI3fm7eXj', 'mBi36wE0hO', 'cSY3bbMXDd', 'vcaRoZkJFh', 'ndb3NJjops', 'FOU3nr66cn'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, AssemblyLoader.csHigh entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'XsxbgmMR49Wyp590qm6'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, NuZmITLFqQu1WuWA3dj.csHigh entropy of concatenated method names: 'qb3VwIGCfPu3ipdM2NH', 'zG1HHfGUhU4hy37CUQq', 'VNxQcPSYmk', 'xNZj4qhOeP2iuwDXZNu', 'RaJnHShZiWtfQBHEc7w', 'qWw9w8hvQB6QyeBw2jy', 'lHWnK7hdnSIdA2VnIaR', 'Fe1dRHh7SCIAHJxgndN', 'g6HFFhhJY4xHfOPGAiH', 'xTsCawhLE7RvWlAmNmh'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, bWfTrIL6ymh7NUPK5JX.csHigh entropy of concatenated method names: 'bUiwEm6315', 'aUaTeEG0eJbNtfxZgVA', 'UYccmWGVj0w2Ksk57ui', 'TYSWEGG1ZR10NLlC4Rq', 'tmK3JlG5YEloXmkBY7Y', 'W5We8FGDv5NGeUxNdNa', 'oIAR0SGlLCJkCo2mnux', 'oISNBdGIhrhFWjDtcBb', 'edZMBiGrAKhlZeBq6ih', 'pNYG8CGqKAOPGx0WsHh'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, iiCNlk8qWLqE3psd6U.csHigh entropy of concatenated method names: 'zEk3tSv6s', 'aZ32VxCds', 'F2afY42QS', 'Jre6hsyS1', 'pEQN0Q3Xq', 'wekngsmMb', 'v8hie6PvX', 'TIlxI2fLQwdtfbODpfh', 'vlQSUGfQL00jQr9GiV2', 'AdoOxefYqEsqN9CtqgC'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, rxidPq1fnONU28JRjC.csHigh entropy of concatenated method names: 'altIwCiW3', 'GknryDV4f', 'O31q3218A', 'IFtaT1iVZ', 'LbdE6VjHZ', 'waRAJhynG', 'jHTuOYBV5', 'pfiC1U5nQ', 'HJhvER61M1i2D2Ytl7Z', 'i9D7hW65eoDKQWgDOhw'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, HE3r3mLvex6HsnUNTTu.csHigh entropy of concatenated method names: 'vIPL799XJp', 'laVLJpFPar', 'dxVLL4Esoc', 'aLTLQmu5r7', 'UPw95EBlArtmFROYbcQ', 'pXIlLLB0BLGWtjIEG5A', 'W3R8nbBVtYASN47dic5', 'fiVVf9BgvJYo2t4S23f', 'wFVUnIBDbrrnS1Z28Jj', 'EWDIO4B1jT6mvbZKua0'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, zyVVkIvwMWMEFUVZ5tB.csHigh entropy of concatenated method names: 'qrovWmEylg', 'rYlBE7tmjqGt5jt9NbG', 'UhZxN1tyT9DXTcpa7tN', 'tcwoBytTUyqUdgqFUKK', 'yB8kx2twe14GImnP5A7', 'vVZ4ebtxbJu21gvk6Ar', 'PsuPuHtWHhvMgNgtbTV', 'fBPr5btgBCAuF5p8nE1', 'irDtbJtDAkJgfLfGUyD', 'jftFXqtlGCPvVN64JoJ'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, tc2vhGvjJ2ufG2uDuJp.csHigh entropy of concatenated method names: 'XQMv438pyq', 'ql01aFte6oR27QMXACi', 'eJxQEOthg7KTnCFfwCO', 'SOqlbrtH90EtUjmVyOF', 'CaHuwntsULlVhmDcALl', 'HGovBsI8Rb', 'egxvGDXDJ1', 'YKVvh9brK2', 'V9N9jhkuxCuntZnB9A6', 'kf6OZekCpDnSTWLmmf7'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, NmZmeuMLAX3WYGPinR.csHigh entropy of concatenated method names: 'xC2loeuvP', 'C0wa7H6wHDRu0nUh6OB', 'wOY0cC6xrA9JRxEHdII', 'QZZkGR6yBl2jd2dW3cV', 'Db20vm6TpWYHry69P6O', 'v6nMrl6WG9AM9DpL9DK', 'Y7uTOw6gRAQKOtEcsUk', 'edQMV66DELgI8EkuPPN', 'yuDGf74Vu', 'SxEhX7bxW'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, bLVETvvgJVkTpFX7uyl.csHigh entropy of concatenated method names: 'XTOvVYDnpC', 't8qqDBjqDmIMBday0LF', 'tRoxVVjIdoh0IYfnlC3', 'OG9Qa6jrHC1c0WegdKi', 'rHLMUFjadJb8EJUktkx', 'r3AxUojEXQsxUOky6pr', 'SQxOGKjA3nelm78Y9Mv', 'vmAUJfjutgcsBe4Nt7h', 'M6OMW3jC1sZtfYEFuPS', 'wtUAdBjUbNi36NlV8ig'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, EXaeS0vXgZXkZbkFMTr.csHigh entropy of concatenated method names: 'K2Av3Og5wR', 'tVhv2m4dhg', 's9mvPWl1WG', 'T6pvf1ITcG', 'mNwv6Upc5k', 'W2dvbKBCT6', 'NR4vNhphCx', 'MU4l8SkLbUdW22gwYox', 'QCLXHykQiLWLVqqGSGy', 'E9Vj4bkYlmkFk0YmoQd'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, z5gBfMZ9ngpuOGS55iY.csHigh entropy of concatenated method names: 'frjZIhSAL3', 'UjcXTYNWm0PNT8GxwdO', 'PvuesqNwEZqKy7pvsGT', 'KxbWr7NxHtAI9750Qgh', 'KwaawhNgBWkZHisZfhp', 'jLtZlTrkXi', 'pAJZ0i5DwJ', 'v1QZm3lQRM', 'v2fZyxnVfQ', 'Un8ZT36HFH'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, n7MNbKZqEop7seKZCRk.csHigh entropy of concatenated method names: 'LyaZEKcKXe', 'jDOCQyNVY7kEZ8UmAN2', 'fb6CsbN1RBNRtbe17K0', 'U6mgYsN599GyLKPj12q', 'dK9rW9NIRBqCYDwE8vy', 'zVV49pNrJjam95QxGYj', 'GTjE5WNqVFBDy7esK1s', 'quiRAWNaoyFueQivFCr', 'P05AYvNEhUavFkHCSCJ', 'ngZk14NA2FGMVjtDelq'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, oIWxokvQhGHS8muoQ3v.csHigh entropy of concatenated method names: 'UCxvRYKCK9', 'ou4vo4co8d', 'hCOvSELdqG', 'RYSv8OoDxl', 'y8XrxsnajpUBm2CYbcB', 'gPlgM4nEwrRnXoMZy5N', 'jB3qlKnAwer4Guvs7y2', 'ETAJevnubGuvmXLYKvM', 'mWlBTsnCiH8Xwq5sdKZ', 'clDVDfnUy63aCxl5iEl'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, gU63J3L38mmhwsjE0sA.csHigh entropy of concatenated method names: 'MsdLPFKOWI', 'WSpLfuSRat', 'MEnp7XGNKl16ugpyrRC', 'Y72Z3UGnDNNHoYLXY4r', 'U9PmUJGFee4j3ls7URX', 'jHeYQ0Gk6dweDad7vaL', 'NG8dvPGtN7PeLmHu5xi', 'SOiMJRGj3D45ha5qLeg', 'pyIbiSG6cAPcuioSgmU', 'o8lLKTGbK4HH9Apwtfq'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, YO9a6bLSrtJ3I5TZbEI.csHigh entropy of concatenated method names: 'tkALXqaupB', 'RYpLipaLNE', 'aRm8rIG8xmDNnI8J6KP', 'o57fbhGXXZ92yy0hyWd', 'QA89MWGimhCGvfTg7aN', 'jT2EYNGou5lkj4DVPKx', 'cXhXYPGSPiO6vucmcS3', 'g7m7rVG3iFj4vk9tMpQ', 'EtI1kgG2OxeVLIOF0oE', 'LJPgOXGP4ViBDJLigyZ'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, En84GkZzI8miidSaMxQ.csHigh entropy of concatenated method names: 'bs6vOMylqL', 'uOIvZb39t6', 'YGevvTevBG', 'F0wvd2QHYk', 'mEHv7R5pqu', 'sa6vJLvFIa', 'kZe7WUn3ADd442rQRNb', 'BrhTUfnXFtnAuIjbhQi', 'jH2CGYni4P9B3k0rVYv', 'C1QZgBn29RqWW3i0cKk'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, JhtiLKYk60xC9pcHOos.csHigh entropy of concatenated method names: 'It2Y4xSNVM', 'QUYYm4spfl', 'zJBYyLgLIV', 'XDIYTYex8n', 'rEMYwSvanT', 'atFYxgsW7W', 'eSuYWIHPhb', 'ckmYgiAOOE', 'stcYD7yeGj', 'NYGYlWeEXm'
                Source: 2.2.RegAsm.exe.5520000.2.raw.unpack, T5OUAQZAoGhbJKnCyI5.csHigh entropy of concatenated method names: 'qp6ZCl43kW', 'rrnZUdV9ap', 't2WcOFnvEaqg2I1KRpG', 'PQ2xcpndn9ZSBF3TPiM', 'qGWhjhn7Mpe9jqxINSA', 'rIKwW1nJ5nRWUaHJHif', 'UoFrFonLLWUmpfNOkpo', 'rkjvUanOkND9Osv8tDL', 'fgPfWAnZoAT9h6JultH', 'm86ccbnQ6B7XmofUwuT'
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: 2C80000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: 2E50000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: 4E50000 memory reserve | memory write watch
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Thread delayed: delay time: 548000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Thread delayed: delay time: 409000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2511
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1032
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 8060
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 1775
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7604 Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7664 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -27670116110564310s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -60000s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -119750s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7804 Thread sleep count: 8060 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59766s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59656s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7804 Thread sleep count: 1775 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59547s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59438s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59313s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59203s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59094s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58969s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58860s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58735s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58610s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58485s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58360s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58235s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58110s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -57985s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -57860s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7756 Thread sleep time: -548000s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59641s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59516s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59405s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59297s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59188s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59063s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58938s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58825s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58719s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58594s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58484s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58375s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58236s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58109s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58000s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -57891s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -57766s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7756 Thread sleep time: -409000s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59763s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59546s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59437s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59328s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59218s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -59109s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58999s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58890s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7800 Thread sleep time: -58781s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                Source: powershell.exe, 00000000.00000002.1739713631.000001C193931000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PQeMucju
                Source: powershell.exe, 00000000.00000002.1739713631.000001C193931000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: DkqeMU
                Source: powershell.exe, 00000000.00000002.1744473672.000001C1A3133000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1744473672.000001C1A3376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1739713631.000001C193562000.00000004.00000800.00020000.00000000.sdmp, ahmbf.ps1 Binary or memory string: !sg0ZVvqKZS/xEknJ2UT2o32FiRKLc0E+Spi0PQeMucju93VC2KepzPjIyu8Bt1LyO4pY9u41/z8fcNhwS76
                Source: ahmbf.ps1 Binary or memory string: !dpxvMciRBr
                Source: powershell.exe, 00000000.00000002.1739713631.000001C193931000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dpxvMciRBr
                Source: powershell.exe, 00000000.00000002.1744473672.000001C1A3133000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1744473672.000001C1A3376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1739713631.000001C193562000.00000004.00000800.00020000.00000000.sdmp, ahmbf.ps1 Binary or memory string: !BPKCSFDFJHrZfLx2GSNnwxjVh8QsngWnsh2UXRbv0DkqeMU6U3FEatDGCz1fVz3whbQuIMhJ+er+hl4sjjejbUyK10w4sm/sJmc2Zz8T/aPHTjtx
                Source: powershell.exe, 00000000.00000002.1749975533.000001C1AB460000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4167021848.00000000059B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_05733052 LdrInitializeThunk,2_2_05733052
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process token adjusted: Debug
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 4A0000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 4A2000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: D66008
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts131
                Windows Management Instrumentation
                1
                DLL Side-Loading
                211
                Process Injection
                1
                Disable or Modify Tools
                OS Credential Dumping121
                Security Software Discovery
                Remote Services11
                Archive Collected Data
                1
                Web Service
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Exploitation for Client Execution
                Boot or Logon Initialization Scripts1
                DLL Side-Loading
                141
                Virtualization/Sandbox Evasion
                LSASS Memory1
                Process Discovery
                Remote Desktop ProtocolData from Removable Media11
                Encrypted Channel
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)211
                Process Injection
                Security Account Manager141
                Virtualization/Sandbox Evasion
                SMB/Windows Admin SharesData from Network Shared Drive1
                Non-Standard Port
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                Deobfuscate/Decode Files or Information
                NTDS1
                Application Window Discovery
                Distributed Component Object ModelInput Capture1
                Ingress Tool Transfer
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Obfuscated Files or Information
                LSA Secrets2
                File and Directory Discovery
                SSHKeylogging2
                Non-Application Layer Protocol
                Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                Software Packing
                Cached Domain Credentials123
                System Information Discovery
                VNCGUI Input Capture13
                Application Layer Protocol
                Data Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                DLL Side-Loading
                DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                xweb.ddns.net | 31.13.224.69 | true | true | | unknown
                pastebin.com | 172.67.19.24 | true | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                https://pastebin.com/raw/GF0ptUGb | false | | high
                Name | Source | Malicious | Antivirus Detection | Reputation
                https://github.com/mgravell/protobuf-net | RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                https://aka.ms/pscore68 | powershell.exe, 00000000.00000002.1739713631.000001C193071000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://github.com/mgravell/protobuf-neti | RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                https://stackoverflow.com/q/14436606/23354 | RegAsm.exe, 00000002.00000002.4156977457.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                https://github.com/mgravell/protobuf-netJ | RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000000.00000002.1739713631.000001C193071000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4156977457.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4156977457.00000000030F0000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://pastebin.com | powershell.exe, 00000000.00000002.1739713631.000001C1934BC000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://pastebin.com | powershell.exe, 00000000.00000002.1739713631.000001C1932A2000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://stackoverflow.com/q/11564914/23354; | RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                https://stackoverflow.com/q/2152978/23354 | RegAsm.exe, 00000002.00000002.4165950982.00000000055F0000.00000004.08000000.00040000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
31.13.224.69 | xweb.ddns.net | Bulgaria | 48584 | SARNICA-ASBG | true
172.67.19.24 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | false
                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1559592
                                          Start date and time:2024-11-20 17:45:58 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 8m 3s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:7
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:ahmbf.ps1
                                          Detection:MAL
                                          Classification:mal96.troj.expl.evad.winPS1@4/5@5/2
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HCA Information:
                                          • Successful, ratio: 91%
                                          • Number of executed functions: 167
                                          • Number of non-executed functions: 17
                                          Cookbook Comments:
                                          • Found application associated with file extension: .ps1
                                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Not all processes were analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • VT rate limit hit for: ahmbf.ps1
Time | Type | Description
11:46:55 | API Interceptor | 1x Sleep call for process: powershell.exe modified
11:46:56 | API Interceptor | 10364703x Sleep call for process: RegAsm.exe modified
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):64
                                          Entropy (8bit):0.773832331134527
                                          Encrypted:false
                                          SSDEEP:3:Nlllulp/t:NllU
                                          MD5:7C703A35F8A735F31CA6D4CECBED0C8F
                                          SHA1:16377B0DA14AE2FE22A969A929D1BF87DBDC27AF
                                          SHA-256:72A0BE888E0278022A62F8516C35240D1D7F15BC4182DD8EFB860AD49347D70A
                                          SHA-512:FB33BC273D756C0D019EE2FBA1BC592816D7128C215BC15ED264F3FDEA6D0FB0D70A377A98F2756CA10661EA8EEF6EF27049FFE1405EEBCA0F36777FF41D8F4F
                                          Malicious:false
                                          Reputation:low
                                          Preview:@...e.................................(.4.......................
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6221
                                          Entropy (8bit):3.7320610583357903
                                          Encrypted:false
                                          SSDEEP:48:JtI0F0pJLPr3C4U28Lj8ukvhkvklCywTmdCYkSmlCNSogZoOiYkSmlCNSogZoK1:D6733CxHLhkvhkvCCt0kSmJHfkSmJHh
                                          MD5:8BC15BCFEABEE0525B77543F256F7487
                                          SHA1:46163AF9024B7C4EB2C57420B14A24A076DC880F
                                          SHA-256:71EE2A576B50CA24A18873739639B45D0BDD5C6A91EC26195799B4D1CB02FD54
                                          SHA-512:AB3EF669D6B0A88E1A29CB63B3C6C083723FF854BD0E142E844C85BE7AF256C14243FB87463249F7320CAFCA69CA810444BB5BC33636C2F2B00D458E60660E6F
                                          Malicious:false
                                          Preview:...................................FL..................F.".. ...-/.v....BL..k;..z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v....u...k;......k;......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^tY............................%..A.p.p.D.a.t.a...B.V.1.....tY...Roaming.@......CW.^tY...............................R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^tY...........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWQ`..Windows.@......CW.^DWQ`..............................W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^tY.....Q...........
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6221
                                          Entropy (8bit):3.7320610583357903
                                          Encrypted:false
                                          SSDEEP:48:JtI0F0pJLPr3C4U28Lj8ukvhkvklCywTmdCYkSmlCNSogZoOiYkSmlCNSogZoK1:D6733CxHLhkvhkvCCt0kSmJHfkSmJHh
                                          MD5:8BC15BCFEABEE0525B77543F256F7487
                                          SHA1:46163AF9024B7C4EB2C57420B14A24A076DC880F
                                          SHA-256:71EE2A576B50CA24A18873739639B45D0BDD5C6A91EC26195799B4D1CB02FD54
                                          SHA-512:AB3EF669D6B0A88E1A29CB63B3C6C083723FF854BD0E142E844C85BE7AF256C14243FB87463249F7320CAFCA69CA810444BB5BC33636C2F2B00D458E60660E6F
                                          Malicious:false
                                          Preview:...................................FL..................F.".. ...-/.v....BL..k;..z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v....u...k;......k;......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^tY............................%..A.p.p.D.a.t.a...B.V.1.....tY...Roaming.@......CW.^tY...............................R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^tY...........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWQ`..Windows.@......CW.^DWQ`..............................W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^tY.....Q...........
                                          File type:Unicode text, UTF-16, little-endian text, with very long lines (29340)
                                          Entropy (8bit):4.151689189289376
                                          TrID:
                                          • Text - UTF-16 (LE) encoded (2002/1) 64.44%
                                          • MP3 audio (1001/1) 32.22%
                                          • Lumena CEL bitmap (63/63) 2.03%
                                          • Corel Photo Paint (41/41) 1.32%
                                          File name:ahmbf.ps1
                                          File size:1'916'592 bytes
                                          MD5:41aaa0283372e0a4c4e9231f766f68f3
                                          SHA1:65b5d719a4e8802b3ad44e02b7531a796e657050
                                          SHA256:6c8d9120fb409fe443c79fcda2a76303dd3dfd93b2608f5d8274b7e20f88569a
                                          SHA512:8e4a929bc90b8db5cc5616dc16801f246020e7d9bf4885d812b44eba09c4f4c074a63594292bff84e8f84a2044cb0239dfcf6def657f8a44e6435ec29aa10e7f
                                          SSDEEP:12288:dAM/QP1u8r/9xCVccogaoJXyIgU3KgL+HZAma2y4QQxRl7mt2+de8uN4xzk4r4wq:UAi48IY2xZ2bUY+gjgsLhArkZJFrcBt4
                                          TLSH:9E9538242BAA101A71F3EE4B5AE47CAE895EB723E6C6247B1059034B4713D40FF917F9
                                          File Content Preview:....$.X.o.h.s.K. .=. .'.R.e.g.A.s.m...e.x.e.'...$.G.T.w.R.E. .=. .'.N.h.q.I.M.C.:.\.U.s.e.r.s.\.f.a.n.n.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.L.o.w.\.D.a.f.t. .S.y.t.e.m.\.P.r.o.g.r.a.m. .R.u.l.e.s. .N.V.I.D.E.O.\.P.r.o.g.r.a.m. .R.u.l.e.s. .N.V.I.D.E.O.\.P.r.o.g
                                          Icon Hash:3270d6baae77db44
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Nov 20, 2024 17:47:17.826513052 CET497457211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:17.827326059 CET497457211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:17.947060108 CET72114974531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:17.947133064 CET497457211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:18.066843987 CET72114974531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:20.134558916 CET72114974531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:20.134783983 CET497457211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:20.134891033 CET497457211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:20.237472057 CET497467211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:20.254416943 CET72114974531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:20.358197927 CET72114974631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:20.358386040 CET497467211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:20.359627962 CET497467211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:20.485379934 CET72114974631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:20.485449076 CET497467211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:20.605230093 CET72114974631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:22.620373964 CET72114974631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:22.620465994 CET497467211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:22.620625019 CET497467211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:22.737307072 CET497477211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:22.745507956 CET72114974631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:22.859185934 CET72114974731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:22.859338045 CET497477211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:22.860101938 CET497477211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:22.986645937 CET72114974731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:22.986728907 CET497477211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:23.106317997 CET72114974731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:25.105577946 CET72114974731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:25.105815887 CET497477211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:25.105815887 CET497477211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:25.221648932 CET497487211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:25.225945950 CET72114974731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:25.341403961 CET72114974831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:25.341497898 CET497487211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:25.342175007 CET497487211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:25.463200092 CET72114974831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:25.463284016 CET497487211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:25.583230972 CET72114974831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:27.615231037 CET72114974831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:27.615483999 CET497487211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:27.615606070 CET497487211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:27.721770048 CET497497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:27.770664930 CET72114974831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:27.890898943 CET72114974931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:27.891125917 CET497497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:27.892368078 CET497497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:28.014851093 CET72114974931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:28.014965057 CET497497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:28.135912895 CET72114974931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:30.196027994 CET72114974931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:30.196147919 CET497497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:30.196352005 CET497497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:30.300045013 CET497507211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:30.315968990 CET72114974931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:30.419934988 CET72114975031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:30.420226097 CET497507211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:30.421180964 CET497507211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:30.544230938 CET72114975031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:30.544425011 CET497507211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:30.668135881 CET72114975031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:32.600254059 CET72114975031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:32.600347996 CET497507211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:32.600514889 CET497507211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:32.706629038 CET497517211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:32.720089912 CET72114975031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:32.826606989 CET72114975131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:32.826769114 CET497517211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:32.828763962 CET497517211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:32.951091051 CET72114975131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:32.951188087 CET497517211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:33.070724964 CET72114975131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:35.054631948 CET72114975131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:35.054807901 CET497517211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:35.055013895 CET497517211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:35.159085989 CET497527211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:35.174504995 CET72114975131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:35.279494047 CET72114975231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:35.279648066 CET497527211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:35.280445099 CET497527211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:35.400966883 CET72114975231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:35.401099920 CET497527211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:35.522640944 CET72114975231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:37.514566898 CET72114975231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:37.514640093 CET497527211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:37.514784098 CET497527211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:37.627906084 CET497537211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:37.634262085 CET72114975231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:37.747586012 CET72114975331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:37.747716904 CET497537211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:37.748327017 CET497537211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:37.869570017 CET72114975331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:37.869643927 CET497537211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:37.991075993 CET72114975331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:39.947376966 CET72114975331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:39.947789907 CET497537211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:39.947978020 CET497537211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:40.065356970 CET497547211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:40.070440054 CET72114975331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:40.185432911 CET72114975431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:40.185513973 CET497547211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:40.186162949 CET497547211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:40.305685043 CET72114975431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:40.305762053 CET497547211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:40.429447889 CET72114975431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:42.387407064 CET72114975431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:42.387605906 CET497547211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:42.387758970 CET497547211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:42.503082991 CET497557211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:42.507426023 CET72114975431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:42.623173952 CET72114975531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:42.623280048 CET497557211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:42.623960972 CET497557211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:42.744113922 CET72114975531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:42.744204998 CET497557211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:42.872199059 CET72114975531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:44.831257105 CET72114975531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:44.831372023 CET497557211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:44.831651926 CET497557211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:44.940650940 CET497567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:44.956460953 CET72114975531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:45.067028999 CET72114975631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:45.067266941 CET497567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:45.068224907 CET497567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:45.187876940 CET72114975631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:45.188000917 CET497567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:45.307667971 CET72114975631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:47.262063980 CET72114975631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:47.262209892 CET497567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:47.262419939 CET497567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:47.377998114 CET497577211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:47.384277105 CET72114975631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:47.497987986 CET72114975731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:47.498194933 CET497577211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:47.498830080 CET497577211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:47.618530035 CET72114975731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:47.618622065 CET497577211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:47.740993023 CET72114975731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:49.691761017 CET72114975731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:49.692058086 CET497577211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:49.692312956 CET497577211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:49.799916029 CET497607211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:49.812098980 CET72114975731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:49.922894001 CET72114976031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:49.923118114 CET497607211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:49.924045086 CET497607211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:50.046225071 CET72114976031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:50.046289921 CET497607211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:50.166979074 CET72114976031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:52.206331015 CET72114976031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:52.206422091 CET497607211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:52.206623077 CET497607211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:52.319766998 CET497667211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:52.326605082 CET72114976031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:52.443708897 CET72114976631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:52.443839073 CET497667211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:52.444482088 CET497667211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:52.570648909 CET72114976631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:52.570744038 CET497667211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:52.693092108 CET72114976631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:54.658438921 CET72114976631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:54.658596039 CET497667211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:54.658740997 CET497667211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:54.768596888 CET497727211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:54.778295040 CET72114976631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:54.889333010 CET72114977231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:54.889548063 CET497727211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:54.890543938 CET497727211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:55.010801077 CET72114977231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:55.010879993 CET497727211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:55.131362915 CET72114977231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:57.220650911 CET72114977231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:57.220741987 CET497727211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:57.220901966 CET497727211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:57.340398073 CET72114977231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:57.564416885 CET497807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:57.685694933 CET72114978031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:57.685770988 CET497807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:57.686714888 CET497807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:57.807754993 CET72114978031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:57.807857037 CET497807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:57.927350998 CET72114978031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:59.940310001 CET72114978031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:47:59.940768003 CET497807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:47:59.940937042 CET497807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:00.049962044 CET497887211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:00.060669899 CET72114978031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:00.171052933 CET72114978831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:00.171327114 CET497887211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:00.172161102 CET497887211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:00.292788029 CET72114978831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:00.292959929 CET497887211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:00.419291973 CET72114978831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:02.431241989 CET72114978831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:02.431653023 CET497887211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:02.435528040 CET497887211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:02.549910069 CET497957211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:02.560239077 CET72114978831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:02.675086021 CET72114979531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:02.675172091 CET497957211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:02.676110983 CET497957211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:02.795557022 CET72114979531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:02.795618057 CET497957211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:02.915209055 CET72114979531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:04.868117094 CET72114979531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:04.868206024 CET497957211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:04.868479967 CET497957211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:04.971987963 CET498017211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:04.994693995 CET72114979531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:05.098772049 CET72114980131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:05.098844051 CET498017211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:05.099711895 CET498017211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:05.221750975 CET72114980131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:05.221828938 CET498017211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:05.341404915 CET72114980131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:07.296133041 CET72114980131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:07.296205997 CET498017211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:07.296405077 CET498017211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:07.409133911 CET498077211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:07.416198969 CET72114980131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:07.529103994 CET72114980731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:07.529323101 CET498077211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:07.530118942 CET498077211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:07.655862093 CET72114980731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:07.656090021 CET498077211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:07.778131962 CET72114980731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:09.784591913 CET72114980731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:09.784683943 CET498077211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:09.784828901 CET498077211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:09.893677950 CET498137211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:09.904407978 CET72114980731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:10.013297081 CET72114981331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:10.013478041 CET498137211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:10.014208078 CET498137211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:10.134002924 CET72114981331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:10.134085894 CET498137211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:10.253613949 CET72114981331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:12.178145885 CET72114981331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:12.178353071 CET498137211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:12.178561926 CET498137211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:12.284759045 CET498197211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:12.298274040 CET72114981331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:12.404726028 CET72114981931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:12.404824972 CET498197211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:12.405827999 CET498197211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:12.525352001 CET72114981931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:12.525413036 CET498197211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:12.644891977 CET72114981931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:14.644778013 CET72114981931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:14.644979954 CET498197211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:14.645109892 CET498197211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:14.753273964 CET498257211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:48:14.767919064 CET72114981931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:48:14.873507977 CET72114982531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:28.268815041 CET500107211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:28.435287952 CET72115001031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:28.435347080 CET500107211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:28.554903030 CET72115001031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:29.204456091 CET72115001031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:29.207971096 CET500107211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:29.210233927 CET500107211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:29.315567017 CET500177211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:29.329755068 CET72115001031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:29.438755989 CET72115001731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:29.438941956 CET500177211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:29.442990065 CET500177211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:29.568340063 CET72115001731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:29.573925018 CET500177211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:29.698857069 CET72115001731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:31.765125990 CET72115001731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:31.765523911 CET500177211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:31.766084909 CET500177211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:31.878396988 CET500247211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:31.886933088 CET72115001731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:31.997941017 CET72115002431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:31.998431921 CET500247211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:31.999089003 CET500247211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:32.119105101 CET72115002431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:32.119266987 CET500247211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:32.238810062 CET72115002431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:34.206731081 CET72115002431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:34.206801891 CET500247211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:34.206974983 CET500247211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:34.315710068 CET500307211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:34.326550007 CET72115002431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:34.437660933 CET72115003031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:34.437742949 CET500307211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:34.438673973 CET500307211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:34.686682940 CET72115003031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:34.686743021 CET500307211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:34.806960106 CET72115003031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:35.893624067 CET500307211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:36.013258934 CET72115003031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:36.013420105 CET500307211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:36.135772943 CET72115003031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:36.725796938 CET72115003031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:36.725882053 CET500307211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:36.726054907 CET500307211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:36.831562996 CET500377211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:36.845715046 CET72115003031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:36.951518059 CET72115003731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:36.951606035 CET500377211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:36.952435970 CET500377211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:37.072171926 CET72115003731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:37.072237968 CET500377211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:37.192162991 CET72115003731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:38.099937916 CET500377211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:38.226377964 CET72115003731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:38.226469994 CET500377211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:38.346609116 CET72115003731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:39.154884100 CET72115003731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:39.154947042 CET500377211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:39.155162096 CET500377211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:39.268776894 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:39.275271893 CET72115003731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:39.388936043 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:39.389080048 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:39.391937971 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:39.512070894 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:39.512367010 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:39.632399082 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:39.690624952 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:39.810173035 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:39.810314894 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:39.929833889 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:40.742652893 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:40.869127989 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:40.871954918 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:40.998281002 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:41.622445107 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:41.622540951 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:41.622725964 CET500437211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:41.737541914 CET500497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:41.746773958 CET72115004331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:41.857398033 CET72115004931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:41.857527971 CET500497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:41.858310938 CET500497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:41.977798939 CET72115004931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:41.977889061 CET500497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:42.097628117 CET72115004931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:44.057653904 CET72115004931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:44.057811022 CET500497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:44.057897091 CET500497211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:44.175110102 CET500567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:44.177521944 CET72115004931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:44.294707060 CET72115005631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:44.294810057 CET500567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:44.295723915 CET500567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:44.415397882 CET72115005631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:44.415493011 CET500567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:44.542018890 CET72115005631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:46.506531954 CET72115005631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:46.506598949 CET500567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:46.506710052 CET500567211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:46.612700939 CET500627211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:46.637032032 CET72115005631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:46.732439995 CET72115006231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:46.732573986 CET500627211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:46.733386993 CET500627211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:46.853641033 CET72115006231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:46.853734016 CET500627211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:46.973388910 CET72115006231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:48.906570911 CET72115006231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:48.906637907 CET500627211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:48.906804085 CET500627211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:49.019021034 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:49.033209085 CET72115006231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:49.140392065 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:49.140487909 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:49.141380072 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:49.260996103 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:49.261075974 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:49.381084919 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:50.972002029 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.098712921 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:51.098768950 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.287431955 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:51.287566900 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.287786007 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.379501104 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:51.393812895 CET500737211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.409107924 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:51.409145117 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:51.409162998 CET500687211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.515789986 CET72115007331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:51.515896082 CET500737211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.518950939 CET500737211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.531347036 CET72115006831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:51.644087076 CET72115007331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:51.644304991 CET500737211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:51.770766020 CET72115007331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:53.783526897 CET72115007331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:53.783601046 CET500737211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:53.783802032 CET500737211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:53.895953894 CET500747211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:53.906564951 CET72115007331.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:54.017807961 CET72115007431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:54.017959118 CET500747211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:54.018779993 CET500747211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:54.138298035 CET72115007431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:54.140034914 CET500747211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:54.263017893 CET72115007431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:56.234666109 CET72115007431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:56.234785080 CET500747211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:56.234951973 CET500747211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:56.347100973 CET500757211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:56.360405922 CET72115007431.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:56.471297026 CET72115007531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:56.471374035 CET500757211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:56.472326994 CET500757211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:56.592175961 CET72115007531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:56.592227936 CET500757211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:56.712075949 CET72115007531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:58.743031979 CET72115007531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:58.743097067 CET500757211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:58.743263960 CET500757211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:58.847038031 CET500767211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:58.863801003 CET72115007531.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:58.966938019 CET72115007631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:58.967021942 CET500767211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:58.967905998 CET500767211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:59.087822914 CET72115007631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:49:59.087903023 CET500767211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:49:59.207787991 CET72115007631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:01.195981979 CET72115007631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:01.196037054 CET500767211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:01.196199894 CET500767211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:01.315701008 CET72115007631.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:01.546166897 CET500777211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:01.670051098 CET72115007731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:01.672720909 CET500777211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:01.672722101 CET500777211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:01.793657064 CET72115007731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:01.799985886 CET500777211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:01.920006990 CET72115007731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:03.836894989 CET72115007731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:03.837167025 CET500777211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:03.837260962 CET500777211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:03.940886974 CET500787211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:03.956779957 CET72115007731.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:04.061117887 CET72115007831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:04.061322927 CET500787211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:04.062982082 CET500787211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:04.183665037 CET72115007831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:04.183744907 CET500787211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:04.303416014 CET72115007831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:06.065907001 CET500787211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:06.185482979 CET72115007831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:06.185554981 CET500787211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:06.254376888 CET72115007831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:06.254442930 CET500787211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:06.254760981 CET500787211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:06.305079937 CET72115007831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:06.363109112 CET500797211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:06.373969078 CET72115007831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:06.374191046 CET72115007831.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:06.483388901 CET72115007931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:06.483493090 CET500797211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:06.484677076 CET500797211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:06.604409933 CET72115007931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:06.604487896 CET500797211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:06.723990917 CET72115007931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:08.644102097 CET500797211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:08.683125019 CET72115007931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:08.683199883 CET500797211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:08.683372974 CET500797211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:08.763758898 CET72115007931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:08.800589085 CET500807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:08.802804947 CET72115007931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:08.802989006 CET72115007931.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:08.920289993 CET72115008031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:08.920388937 CET500807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:08.921334028 CET500807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:09.044277906 CET72115008031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:09.044348001 CET500807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:09.170836926 CET72115008031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:11.226541042 CET72115008031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:11.226612091 CET500807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:11.226780891 CET500807211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:11.331473112 CET500817211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:11.347809076 CET72115008031.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:11.455358028 CET72115008131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:11.455610037 CET500817211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:11.456320047 CET500817211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:11.575994015 CET72115008131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:11.576164007 CET500817211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:11.697254896 CET72115008131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:13.637628078 CET72115008131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:13.638312101 CET500817211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:13.639507055 CET500817211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:13.753285885 CET500827211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:13.762955904 CET72115008131.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:13.872915030 CET72115008231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:13.876127005 CET500827211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:13.879985094 CET500827211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:13.999594927 CET72115008231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:14.000067949 CET500827211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:14.119705915 CET72115008231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:14.425283909 CET500827211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:14.548161030 CET72115008231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:14.548226118 CET500827211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:14.667768002 CET72115008231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:16.056325912 CET72115008231.13.224.69192.168.2.4
                                          Nov 20, 2024 17:50:16.056624889 CET500827211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:16.056772947 CET500827211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:16.159655094 CET500837211192.168.2.431.13.224.69
                                          Nov 20, 2024 17:50:16.176460028 CET72115008231.13.224.69192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2024 17:46:54.213382006 CET | 65092 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:46:54.352525949 CET | 53 | 65092 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:46:57.533078909 CET | 63609 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:46:57.763339996 CET | 53 | 63609 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:47:57.330899000 CET | 54797 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:47:57.563700914 CET | 53 | 54797 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:48:59.237184048 CET | 61764 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:48:59.477354050 CET | 53 | 61764 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:50:01.299803972 CET | 57787 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:50:01.541945934 CET | 53 | 57787 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 20, 2024 17:46:54.213382006 CET | 192.168.2.4 | 1.1.1.1 | 0xee02 | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:46:57.533078909 CET | 192.168.2.4 | 1.1.1.1 | 0x5859 | Standard query (0) | xweb.ddns.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:47:57.330899000 CET | 192.168.2.4 | 1.1.1.1 | 0xbd3c | Standard query (0) | xweb.ddns.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:48:59.237184048 CET | 192.168.2.4 | 1.1.1.1 | 0xa22 | Standard query (0) | xweb.ddns.net | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:50:01.299803972 CET | 192.168.2.4 | 1.1.1.1 | 0x6217 | Standard query (0) | xweb.ddns.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 20, 2024 17:46:54.352525949 CET | 1.1.1.1 | 192.168.2.4 | 0xee02 | No error (0) | pastebin.com | | 172.67.19.24 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:46:54.352525949 CET | 1.1.1.1 | 192.168.2.4 | 0xee02 | No error (0) | pastebin.com | | 104.20.4.235 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:46:54.352525949 CET | 1.1.1.1 | 192.168.2.4 | 0xee02 | No error (0) | pastebin.com | | 104.20.3.235 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:46:57.763339996 CET | 1.1.1.1 | 192.168.2.4 | 0x5859 | No error (0) | xweb.ddns.net | | 31.13.224.69 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:47:57.563700914 CET | 1.1.1.1 | 192.168.2.4 | 0xbd3c | No error (0) | xweb.ddns.net | | 31.13.224.69 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:48:59.477354050 CET | 1.1.1.1 | 192.168.2.4 | 0xa22 | No error (0) | xweb.ddns.net | | 31.13.224.69 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:50:01.541945934 CET | 1.1.1.1 | 192.168.2.4 | 0x6217 | No error (0) | xweb.ddns.net | | 31.13.224.69 | A (IP address) | IN (0x0001) | false
                                          • pastebin.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 172.67.19.24 | 443 | 7548 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-20 16:46:55 UTC | 74 | OUT | GET /raw/GF0ptUGb HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
2024-11-20 16:46:56 UTC | 397 | IN | HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 16:46:55 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 884
Last-Modified: Wed, 20 Nov 2024 16:32:11 GMT
Server: cloudflare
CF-RAY: 8e59eb3fdf10425b-EWR
2024-11-20 16:46:56 UTC | 11 | IN | Data Raw: 36 0d 0a 66 61 6c 73 65 2c 0d 0a
Data Ascii: 6false,
2024-11-20 16:46:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                          Target ID:0
                                          Start time:11:46:50
                                          Start date:20/11/2024
                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\ahmbf.ps1"
                                          Imagebase:0x7ff788560000
                                          File size:452'608 bytes
                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:1
                                          Start time:11:46:50
                                          Start date:20/11/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:2
                                          Start time:11:46:55
                                          Start date:20/11/2024
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                          Imagebase:0xb40000
                                          File size:65'440 bytes
                                          MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.4166334815.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.4161705360.0000000003FFC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.4156977457.0000000002E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:high
                                          Has exited:false


                                            Execution Graph

                                            Execution Coverage:7.2%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:0%
                                            Total number of Nodes:14
                                            Total number of Limit Nodes:1
                                            execution_graph 2263 7ffd9baa5b95 2264 7ffd9baa5ba3 Wow64SetThreadContext 2263->2264 2266 7ffd9baa5c73 2264->2266 2267 7ffd9baa5fc5 2268 7ffd9baa5fd3 ResumeThread 2267->2268 2270 7ffd9baa606b 2268->2270 2271 7ffd9baa57ff 2272 7ffd9baa5832 CreateProcessW 2271->2272 2274 7ffd9baa5a93 2272->2274 2275 7ffd9baa5ea4 2276 7ffd9baa5ead 2275->2276 2277 7ffd9baa5e81 2276->2277 2278 7ffd9baa5f4a WriteProcessMemory 2276->2278 2279 7ffd9baa5f91 2278->2279

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1750507890.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9baa0000_powershell.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: d31a7b7c099419a867a7a736b5a76bfd3b0e6df628c25a3851189c37abfad4fd
                                            • Instruction ID: 67eb906f16024701a05ea8b4dd44ff9169079c311d9570c6d4bb415cedbca26a
                                            • Opcode Fuzzy Hash: d31a7b7c099419a867a7a736b5a76bfd3b0e6df628c25a3851189c37abfad4fd
                                            • Instruction Fuzzy Hash: FBC1E37190CB8C8FDB66DB68CC556E8BBF0EF5A310F0542DBD049D7292CA34A945CB81

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1750507890.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9baa0000_powershell.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: 41b11491e198f5be849381f5b2448a2a19e26ebeed938f3d3532207880864f86
                                            • Instruction ID: b362298c48ba6f4e9b15c2828c3ee9503037a0b2cd88195bcfbdf4e9b5cbb806
                                            • Opcode Fuzzy Hash: 41b11491e198f5be849381f5b2448a2a19e26ebeed938f3d3532207880864f86
                                            • Instruction Fuzzy Hash: 4941E63190CB488FDB18DF9CA8466F9BBE1FB95321F00426FE089C3152DB74A446CB95

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1750507890.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9baa0000_powershell.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            • Opcode ID: 338468917e117d6bcf0da03fb0cdf96d591feca6da0bb6f297677f309b4b9b3a
                                            • Instruction ID: ccd11500a20a483c415f72e70b7040b661409ad960f12c122f7a97185279ddc8
                                            • Opcode Fuzzy Hash: 338468917e117d6bcf0da03fb0cdf96d591feca6da0bb6f297677f309b4b9b3a
                                            • Instruction Fuzzy Hash: 5841173190D7888FDB16DFA88C457E97FE1EF56321F08429BD048C71A7DB64A805CB92

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 46 7ffd9baa5fc5-7ffd9baa5fd1 47 7ffd9baa5fdc-7ffd9baa6069 ResumeThread 46->47 48 7ffd9baa5fd3-7ffd9baa5fdb 46->48 51 7ffd9baa606b 47->51 52 7ffd9baa6071-7ffd9baa608d 47->52 48->47 51->52
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1750507890.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9baa0000_powershell.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: c7c68e77bdc5181d01638f827cd22044fc46c19fd570b87a9ee0719da821a615
                                            • Instruction ID: cf0ca4b3d935b558af1dc47fb12c7e536c4de9501c87e3ddb99d7aafeb38aac4
                                            • Opcode Fuzzy Hash: c7c68e77bdc5181d01638f827cd22044fc46c19fd570b87a9ee0719da821a615
                                            • Instruction Fuzzy Hash: E221E33190DA4C8FDB59DF98C845BE9BBE0EF56321F00426ED049C36A2DB70A455CB81

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1750754364.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bb70000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4d959e8aa3395c008c2d82dec4a260b1c95ededdd52678e1e98ff6e9d5696f7d
                                            • Instruction ID: f33268db87ad197aa2620184621a244365ca280584721cdeacc989b401dc3c84
                                            • Opcode Fuzzy Hash: 4d959e8aa3395c008c2d82dec4a260b1c95ededdd52678e1e98ff6e9d5696f7d
                                            • Instruction Fuzzy Hash: BFC16B72B0FB890FE7AAD66C58A51B47BD1FF96214B0902FFD08DC74E3D914A9068391

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1750754364.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bb70000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6d8de1784b52551a3185d82551043ed651a9817892bded60f31992715f4d0770
                                            • Instruction ID: f0bb5f7ea89284f0153587be82a16970af663b8ea25a7a4f31ade1aa9f5bafa2
                                            • Opcode Fuzzy Hash: 6d8de1784b52551a3185d82551043ed651a9817892bded60f31992715f4d0770
                                            • Instruction Fuzzy Hash: 67412822B0EE4E0BEBB9D66C58B157576C2FF94B28B8902BFD44DC35D6EE05ED014281

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 153 7ffd9bb70ace-7ffd9bb70ae4 154 7ffd9bb70afd-7ffd9bb70b02 153->154 155 7ffd9bb70ae6-7ffd9bb70af3 153->155 157 7ffd9bb70b9a-7ffd9bb70ba4 154->157 158 7ffd9bb70b08-7ffd9bb70b0b 154->158 155->154 159 7ffd9bb70af5-7ffd9bb70afb 155->159 161 7ffd9bb70bb3-7ffd9bb70bf6 157->161 162 7ffd9bb70ba6-7ffd9bb70bb2 157->162 158->157 160 7ffd9bb70b11-7ffd9bb70b14 158->160 159->154 163 7ffd9bb70b3b 160->163 164 7ffd9bb70b16-7ffd9bb70b39 160->164 167 7ffd9bb70b3d-7ffd9bb70b3f 163->167 164->167 167->157 170 7ffd9bb70b41-7ffd9bb70b4b 167->170 170->157 174 7ffd9bb70b4d-7ffd9bb70b63 170->174 176 7ffd9bb70b6a-7ffd9bb70b73 174->176 177 7ffd9bb70b8c-7ffd9bb70b99 176->177 178 7ffd9bb70b75-7ffd9bb70b82 176->178 178->177 180 7ffd9bb70b84-7ffd9bb70b8a 178->180 180->177
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1750754364.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bb70000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0605e33911e3fec0d80e562dd485eecf9d0e2123482d5ffe1e6a99a35589d40f
                                            • Instruction ID: a9e7dbbbcb8705e4c910be855aca24b40c8e97ac29c9d80c341edee5aa3fc61e
                                            • Opcode Fuzzy Hash: 0605e33911e3fec0d80e562dd485eecf9d0e2123482d5ffe1e6a99a35589d40f
                                            • Instruction Fuzzy Hash: 5C411B22B1EA5E0FEFB596A818B16B973C2EF54B18B49017BD44DC36D6DD08AE0543C1

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1750754364.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bb70000_powershell.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ea3066c90229f6479673c03edff0acc6d0b379b5428111cfec8879564125bb7f
                                            • Instruction ID: 7b15c3e58fb4da0d2ffff64b887bc9e5e52f63ca14dc66ed6cce893d48e1b2f1
                                            • Opcode Fuzzy Hash: ea3066c90229f6479673c03edff0acc6d0b379b5428111cfec8879564125bb7f
                                            • Instruction Fuzzy Hash: 1611F602F1FA1E07FBB8965C68F517465C1EF94A28BCA02BBE40DC35D6ED09ED111281

                                            Execution Graph

                                            Execution Coverage:10.4%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:8.8%
                                            Total number of Nodes:57
                                            Total number of Limit Nodes:3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                            • API String ID: 0-312445597
                                            • Opcode ID: 2544728d48a162c3a61393112c8b204a69c12f4a4a9905c6b43b390c99eff87a
                                            • Instruction ID: b692f5b38efcb063ed9ae0b3ea887b80cfd8b68bfeda18f27953728836fe768e
                                            • Opcode Fuzzy Hash: 2544728d48a162c3a61393112c8b204a69c12f4a4a9905c6b43b390c99eff87a
                                            • Instruction Fuzzy Hash: DEB21A34A002288FDB14DFA9C894BADB7B6FF48700F548599E506AB3A5CB70ED85DF50
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                            • API String ID: 0-2546334966
                                            • Opcode ID: d06926a9ba67d88c4959333de66356cb6e9700f3a784a66420d0472ef9b671ec
                                            • Instruction ID: f49d5fed1daa987248480f70a732be5dec1a28f49d7692465f5c619518b6c417
                                            • Opcode Fuzzy Hash: d06926a9ba67d88c4959333de66356cb6e9700f3a784a66420d0472ef9b671ec
                                            • Instruction Fuzzy Hash: 62220D34A00224CFDB24DF55C994BADB7B6FF48300F5481A9E50AAB3A5DB71AD81DF50

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2077 2c84d0f-2c84d16 2078 2c84d18-2c84d32 2077->2078 2079 2c84d3d-2c84f8c 2078->2079
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: c716567fdfd4e7cba48791c94acc655811f802c56936ba69e7e50cb42f105241
                                            • Instruction ID: 858a733b86138867e45eab398b0997767283f389ef8d7f77805b0069ae7fa705
                                            • Opcode Fuzzy Hash: c716567fdfd4e7cba48791c94acc655811f802c56936ba69e7e50cb42f105241
                                            • Instruction Fuzzy Hash: 2F5108B0A156158FD70CEFBBE95569ABBE3BBC8300B14C629C0059B3ACEB3459458B50
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: ac18d04d8857f9714dc78e14ec1872568eb065cf34cf108c7c962eba14e2ef7d
                                            • Instruction ID: 4eec8509523bf742eecd491dfb459332627907b26c36ad229410fda5d6e27e6b
                                            • Opcode Fuzzy Hash: ac18d04d8857f9714dc78e14ec1872568eb065cf34cf108c7c962eba14e2ef7d
                                            • Instruction Fuzzy Hash: C051F9B4A156158FD70CEFBBE95569ABBE3BBC8300B14C629C0049B3ACEB3459458F50
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166766868.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5730000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq
                                            • API String ID: 0-149360118
                                            • Opcode ID: 79b51dabc67339e74848494461526722727ceb34bac7ddb8814b76a9f8ec627d
                                            • Instruction ID: 06a0d1a7368dea3298bb01a2fc22b662fa0efc74f427f78340d2a2d9b8282c3e
                                            • Opcode Fuzzy Hash: 79b51dabc67339e74848494461526722727ceb34bac7ddb8814b76a9f8ec627d
                                            • Instruction Fuzzy Hash: EA527774B006158FDB14CF69C495A6EFBF2FF88310F648929E55ADB782DB30A901CB90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166766868.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5730000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: \VSm
                                            • API String ID: 0-1782263414
                                            • Opcode ID: f7053fbe36f0d08fd37ba7fab48347db8ef664e03e1f957b464e16c3b355b0d2
                                            • Instruction ID: 6fa62b472fceb066a7b321deb48aa740a5d81baffcb7aba4939dccef29e93c9e
                                            • Opcode Fuzzy Hash: f7053fbe36f0d08fd37ba7fab48347db8ef664e03e1f957b464e16c3b355b0d2
                                            • Instruction Fuzzy Hash: 38914C70E00209DFDF14CFA9C9867EDBBF2BF88324F148129E415AB295EB749845DB81

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                            • API String ID: 0-723292480
                                            • Opcode ID: 816c204301cdc515dcf31230370704fb528f661c72b291bc9f0dbb88420d3b4d
                                            • Instruction ID: d19e48cbc734cd808012f8f61b4fa00b4168441f789cfd3f61f19dd72891ef4f
                                            • Opcode Fuzzy Hash: 816c204301cdc515dcf31230370704fb528f661c72b291bc9f0dbb88420d3b4d
                                            • Instruction Fuzzy Hash: 42518031A402098FC748DF69C9507AEBBF7BFC8300F14892C85499B359DF75E94A8BA1

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Hbq$Hbq$Hbq
                                            • API String ID: 0-2297679979
                                            • Opcode ID: 268e3a205358f180a76e62ad139ad6dbdce277cc6840450fb8459e5483ec6871
                                            • Instruction ID: f7ee1ba21061a88e48988d21da57b9582cfa2d4fe813067322315ef9a6f24326
                                            • Opcode Fuzzy Hash: 268e3a205358f180a76e62ad139ad6dbdce277cc6840450fb8459e5483ec6871
                                            • Instruction Fuzzy Hash: 2B126E74A002158FCB28DFA9C994AAEBBF6FF88300F14852DE50A9B351DB35ED45CB50

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q$4'^q
                                            • API String ID: 0-1196845430

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$(bq$Hbq
                                            • API String ID: 0-2835675688
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4165030237.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5400000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4165030237.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5400000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$d
                                            • API String ID: 0-3334038649

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (_^q$Pl^q
                                            • API String ID: 0-1560878243

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$Hbq
                                            • API String ID: 0-4081012451

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$,bq
                                            • API String ID: 0-1616511919
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$pbq
                                            • API String ID: 0-3872760177
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2
                                            • API String ID: 0-450215437
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (_^q
                                            • API String ID: 0-538443824
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,bq
                                            • API String ID: 0-2474004448
                                            APIs
                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 02C8D3EC
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Deq
                                            • API String ID: 0-948982800
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq
                                            • API String ID: 0-149360118
                                            • Opcode ID: 66390e9740c11267dc7ff43daee797b761a31eab4f23a36e97c99130f3b2cf72
                                            • Instruction ID: 998d580a9f414222386254f359ec2e678d36fa98f0adeed39217a51568d062c8
                                            • Opcode Fuzzy Hash: 66390e9740c11267dc7ff43daee797b761a31eab4f23a36e97c99130f3b2cf72
                                            • Instruction Fuzzy Hash: B651BE35A00216DFCB10CF69C480A6AFBB5FF85320F158669E959AB381DB30F891CBD4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: pbq
                                            • API String ID: 0-3896149868
                                            • Opcode ID: d3e937a574420f45282aac4b186ff5aa7ade6d6ca543f208935909888030f821
                                            • Instruction ID: 90e88dabed87559b0c194b707de4481672032ea6367c0b2c8f85010653f400ba
                                            • Opcode Fuzzy Hash: d3e937a574420f45282aac4b186ff5aa7ade6d6ca543f208935909888030f821
                                            • Instruction Fuzzy Hash: BE516076600104AFCB499FA8C954D69BBF7FF8C3147168494E2098F376DA32DC22DB51
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: d7ea66fdd7f27a09f5f481fe2add891f6a9abd41bd3166bf6ebd161aec946e8b
                                            • Instruction ID: caeef6de14d3f68cd3859f0da231875be370b1f6e319fa00160d879742a6d9e7
                                            • Opcode Fuzzy Hash: d7ea66fdd7f27a09f5f481fe2add891f6a9abd41bd3166bf6ebd161aec946e8b
                                            • Instruction Fuzzy Hash: EA41A570B107248FCB14EB68C4ACAAEB7B7AFC9700F10441DE406AB394CF749C469B96
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Te^q
                                            • API String ID: 0-671973202
                                            • Opcode ID: 8251fcb4bd8af980914220aed7eb0c5e575af5c15232fd9c30ac6516e35ee7d2
                                            • Instruction ID: 92684472e9855b27aa7a5e2836e0585c8899b52add8e75cc9b04976e1386ca4b
                                            • Opcode Fuzzy Hash: 8251fcb4bd8af980914220aed7eb0c5e575af5c15232fd9c30ac6516e35ee7d2
                                            • Instruction Fuzzy Hash: 64517C34B44205CFEB28DB1AE44ABBB77E3BB88319F148065E4039B699DB745982CF45
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: TJcq
                                            • API String ID: 0-1911830065
                                            • Opcode ID: b576e9207238a59b9dcb11ab7dc06bd35ad2b0738436fe698e2e6043f543e254
                                            • Instruction ID: 49592f451ddbb13fb394887c6f72de902d07b899f6d8c36c660b41d160fb0063
                                            • Opcode Fuzzy Hash: b576e9207238a59b9dcb11ab7dc06bd35ad2b0738436fe698e2e6043f543e254
                                            • Instruction Fuzzy Hash: 8E31C3397442108FEB249B75E45CB3A7BE6BF89201F1500ADE507CB3A2CA65DC45DB91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq
                                            • API String ID: 0-149360118
                                            • Opcode ID: 6dd6257d1898638b1281c80ae8e0e3c85a5215f28e30124383203fb5dbbd1872
                                            • Instruction ID: 2695b2212060047bfbde9fe7300cf8bcf30c6023287856e950f89134711e48af
                                            • Opcode Fuzzy Hash: 6dd6257d1898638b1281c80ae8e0e3c85a5215f28e30124383203fb5dbbd1872
                                            • Instruction Fuzzy Hash: 8B31253A7041515FDB159FA9D890AABBBA7FFC9320B14403AEA09CB351CE718C02CB90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: bb6051c921354bc7d2bd4fd08520c14b2e9eb4fec7ca4ae5de7586634f16acb5
                                            • Instruction ID: 2b5974d918710c7ed1569212f633af5d8df2d034e8ba713b95330e0ed397b1dc
                                            • Opcode Fuzzy Hash: bb6051c921354bc7d2bd4fd08520c14b2e9eb4fec7ca4ae5de7586634f16acb5
                                            • Instruction Fuzzy Hash: B9319E36700214AFCF098F64D994E59BBB7FF88310F1544A8F60A9B365DA32EC56CB90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4165030237.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5400000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q
                                            • API String ID: 0-1614139903
                                            • Opcode ID: 8b8f3df2c0ae63cef092bd705f60606b01ec980530df6eb57983a80a95168d48
                                            • Instruction ID: 9e4e7b2b944355924f0deb624c584b5b0bb45ff9f6da0e890141f511e12028be
                                            • Opcode Fuzzy Hash: 8b8f3df2c0ae63cef092bd705f60606b01ec980530df6eb57983a80a95168d48
                                            • Instruction Fuzzy Hash: E9219F26A0E3C14FD3174674A8297AA7F76AB83251B6E40FBD085CF5E3D5384C4AC752
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: p<^q
                                            • API String ID: 0-1680888324
                                            • Opcode ID: 562b5341e3b6e172f9ab0550686f6a727efd523bb430e2b51d7c1b843e6d3747
                                            • Instruction ID: 03f7de0b867bc940192cb79228c6711cf4cc76bc6d4bc5aa0e85734c65a1187a
                                            • Opcode Fuzzy Hash: 562b5341e3b6e172f9ab0550686f6a727efd523bb430e2b51d7c1b843e6d3747
                                            • Instruction Fuzzy Hash: 16213A353041649FDB15CF2AC844AAA7BEABF89340F194495FD4ACB361DA35DC91EB20
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: p<^q
                                            • API String ID: 0-1680888324
                                            • Opcode ID: ff49d19a0ea06980b32acfe56e36e10c0d93fc6545a514efedacf40c1f7b7ff6
                                            • Instruction ID: 2ca8f0b2f6a0aa4455d4b30b37a99d4d65d7dfb1dc3eb55832a3ab8bd44c35b1
                                            • Opcode Fuzzy Hash: ff49d19a0ea06980b32acfe56e36e10c0d93fc6545a514efedacf40c1f7b7ff6
                                            • Instruction Fuzzy Hash: 86215B393041649FDB05CE29C884AAA3BEAFF8D210F1544A1F90ACB371DA35DC91DB20
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq
                                            • API String ID: 0-149360118
                                            • Opcode ID: a57191f621fbc024b0cdf8d9cf6bc9c11b73de7e31c2a3f07d4b3c18920b351f
                                            • Instruction ID: 837204de88e4bb2d31f4bda61fada70954d21ede460e6b54b029bab169740665
                                            • Opcode Fuzzy Hash: a57191f621fbc024b0cdf8d9cf6bc9c11b73de7e31c2a3f07d4b3c18920b351f
                                            • Instruction Fuzzy Hash: D111B236604254AFCB069F69D804C597FB6FF8932031680D6E509DB372CB32ED10DB91
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            • API ID: CloseHandle
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ?
                                            • API String ID: 0-1684325040
                                            • Opcode ID: bf6916c40761cf06004ffb18057fcb43b581e50b65d3bbc9954dc39718083414
                                            • Instruction ID: 0af22ecbc417351bdf2c1133cdd7f9e62209778cd3c62fdb07074f0c54db6ee9
                                            • Opcode Fuzzy Hash: bf6916c40761cf06004ffb18057fcb43b581e50b65d3bbc9954dc39718083414
                                            • Instruction Fuzzy Hash: EDF0307A3106009FD709DB25D899F3977AAEF88721F1444A9FA46CB7A1CA71DC41CB50
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1c93896a3da87cab9ab84016207fbb55e2cf855b42e13b59326fab6b90d12eda
                                            • Instruction ID: d9dafeaf8c86ebcdc149b17f6167dde8cebd612b1c118a490eaa143711a40bf1
                                            • Opcode Fuzzy Hash: 1c93896a3da87cab9ab84016207fbb55e2cf855b42e13b59326fab6b90d12eda
                                            • Instruction Fuzzy Hash: CC12FE34B102288FCB14DF64C898AADB7B6BF89300F5085A8D54AAB355DF30ED85DF51
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c0e86d6950e288513dbd01bd37193ad371eb748f2f804260ab5b1a266879dd02
                                            • Instruction ID: 54f454eba8d32bcd4a0252e13b0336cd55a47ea2a9bbb80e05e062aed0480d08
                                            • Opcode Fuzzy Hash: c0e86d6950e288513dbd01bd37193ad371eb748f2f804260ab5b1a266879dd02
                                            • Instruction Fuzzy Hash: FCB11A34B102248FDB24DF25C898BA9B7B6BF89300F5485A8E94AAB355DF30DD85DF50
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c81f30b20d878cb5ffd5c4c12f3bd7c3d70df5e755408c16d9b333326f0e9409
                                            • Instruction ID: c8c6862d6751025139e56fc438ee1ccf12f3dc0f9f919b3756d2d95a4ca74c3a
                                            • Opcode Fuzzy Hash: c81f30b20d878cb5ffd5c4c12f3bd7c3d70df5e755408c16d9b333326f0e9409
                                            • Instruction Fuzzy Hash: A4813A307102249FCB14DF69D899A6EB7B6FF89700F5480A9E5069B3A5CB34EC42DB90
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 01c1da0d5fd844c387ac9764b7a81bc93152af5fc90918886ca93a4a6a3bb266
                                            • Instruction ID: 92a156dfdd2955a9bf63a8a891aecabfc1b0addacc1d9f14067508aeb9f4bf63
                                            • Opcode Fuzzy Hash: 01c1da0d5fd844c387ac9764b7a81bc93152af5fc90918886ca93a4a6a3bb266
                                            • Instruction Fuzzy Hash: 8D81D875A00528CFCB14DF68C584D9EB7F6FF88310B158569E9169B361DB31ED42CB90
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6b6b77168b1723e31a1370900de938bf6ccaf7477af40f414ef52ede6231be50
                                            • Instruction ID: dfed533d2c2f94fa16012377453c16aa40bb80cb39e18091c2a0fe9a9ca8bac7
                                            • Opcode Fuzzy Hash: 6b6b77168b1723e31a1370900de938bf6ccaf7477af40f414ef52ede6231be50
                                            • Instruction Fuzzy Hash: 51815D34B006289FCB14EF69C058AADB7B2FF89704F10856DE4029B3A1CB75DD86DB91
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4165030237.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5400000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: aebb233d5bb9ad9013277f8842b5eaf50f520ce4ef400e09df5ab3e50d996a91
                                            • Instruction ID: b57a8c2d4d45fae7d646fb1636b3e9b80f0b64f921e7c542bdf4450c48858215
                                            • Opcode Fuzzy Hash: aebb233d5bb9ad9013277f8842b5eaf50f520ce4ef400e09df5ab3e50d996a91
                                            • Instruction Fuzzy Hash: 445140213542424BDB045A99949C7ABFAEFEBD4700FA4503EA20BCB798DFF1CC454791
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7cb1e78a9467ce6fd3b730526ac26291f16c6a4c8ac2ff37285c5af35278a8ef
                                            • Instruction ID: 32cbc8d528152abe3e3f8ab0352fd2947b1923f4d0e20a5bde584c6290e01e7f
                                            • Opcode Fuzzy Hash: 7cb1e78a9467ce6fd3b730526ac26291f16c6a4c8ac2ff37285c5af35278a8ef
                                            • Instruction Fuzzy Hash: F3618C34A09609CFD768EB75E04C77A77A3FB94301F008528E803AB789EB749886CF51
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b29b5b2e8ee0b0af31c32d61f1b88eb002ac0e676c9393668a019b6637a5baf1
                                            • Instruction ID: 5998d4bf7532088cb27c452b0ae7810d429a50ef66c74176cbe1c4618cf3b730
                                            • Opcode Fuzzy Hash: b29b5b2e8ee0b0af31c32d61f1b88eb002ac0e676c9393668a019b6637a5baf1
                                            • Instruction Fuzzy Hash: 77617E34B006289FCB14EF69C458AADB7B2FF89700F10856DE402973A0DB75ED86DB91
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 21fc2fe68040bb75f962647888fe84ec3cf8a711d212f852808049c304cb5e4e
                                            • Instruction ID: dab7a998fbb0b04c1608dc48c617289bdbd792016b85a6349738b72a72773829
                                            • Opcode Fuzzy Hash: 21fc2fe68040bb75f962647888fe84ec3cf8a711d212f852808049c304cb5e4e
                                            • Instruction Fuzzy Hash: 53512B74710224DFCB04DF69C899AADB7B6FF88710F548169E9069B3A5CB30EC42DB90
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ddad58ff2bca15235500d653edf2b937742969f12071a0ebf8d9de3d9126293b
                                            • Instruction ID: 6b5cbedba51da1a1b498aeea70ef333f7a7661cd5cb7f704d413d80b35f3d08c
                                            • Opcode Fuzzy Hash: ddad58ff2bca15235500d653edf2b937742969f12071a0ebf8d9de3d9126293b
                                            • Instruction Fuzzy Hash: EB51CA35B002058FDB14DB68D884AAABFB6FF89310F1485AEE509DB291CB70EC41CB90
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d4619785094c2c4a35b0ffc3631d6d531820d4fc36213d4772b4541c8030c128
                                            • Instruction ID: 0b4ca7b2ef1e04c793481bd7eb23ed086f9ce63293b69b156c178d0078d13748
                                            • Opcode Fuzzy Hash: d4619785094c2c4a35b0ffc3631d6d531820d4fc36213d4772b4541c8030c128
                                            • Instruction Fuzzy Hash: 3A51AF34B106199FCB04EF65E498AAEBBBAFFC8711F008519F5029B364DF349946CB91
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7776b5dfaead98c1c150bbac7a5de54e51cfcde0fa67404b73e5beaa1953ae3f
                                            • Instruction ID: ef78c3b05d0589af95c74c66ce9454237f75e4a07fbca2a45cd872ce3390d46b
                                            • Opcode Fuzzy Hash: 7776b5dfaead98c1c150bbac7a5de54e51cfcde0fa67404b73e5beaa1953ae3f
                                            • Instruction Fuzzy Hash: B241D9387201108FEB44AB74E45E66EBBAEBB88346F144565FA0BCB784DF344946CF46
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4155961505.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_123d000_RegAsm.jbxd
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 277148085b620406cd461cdb896a90e9c2614f6ab3067c9b448315f35afecff4
                                            • Instruction ID: cf1778ccc11aba7443dba468dfc7e9b9dd1e3bcf31c77394b1090c458374f0d3
                                            • Opcode Fuzzy Hash: 277148085b620406cd461cdb896a90e9c2614f6ab3067c9b448315f35afecff4
                                            • Instruction Fuzzy Hash: 1EF04F712002059FC710CF54DA81F8AF7AAEF84310F008A3AA5168B764DAB0E9498750
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 548af032e9adcf25da244efc3f762514549ef0b973fb32fb73841d405b0ed345
                                            • Instruction ID: 83452d429a6de130d349f86d87dd8adca8543fb8144c111d261c5f87a7d9cbc6
                                            • Opcode Fuzzy Hash: 548af032e9adcf25da244efc3f762514549ef0b973fb32fb73841d405b0ed345
                                            • Instruction Fuzzy Hash: 89F0A071B003185FD70C6A7D5864B7FAA9AEBC1750F26883FE009DB3A5CC668C0643A1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0d96cd3d1539714b90c0d53bf9b09db4f9c0e6163b948a751ec38ab2a5aa1037
                                            • Instruction ID: 9690f0397f7a07784c39975bacd24a5841bc8598b0d450b74396de6dd2b9cddb
                                            • Opcode Fuzzy Hash: 0d96cd3d1539714b90c0d53bf9b09db4f9c0e6163b948a751ec38ab2a5aa1037
                                            • Instruction Fuzzy Hash: 8EF0AB5BB0D2318BD32A463C3CD123AABA6EBD6341B9484BEE54ACB358D505CCC76380
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 22f8d2714ad476df33299a8f4e09c2c203b4656dd77f8b73b7a4b67f1ae9d882
                                            • Instruction ID: 7377e0740d7b3e819823537e7527d822c5f707258ea3d819328c26b70a1c5df9
                                            • Opcode Fuzzy Hash: 22f8d2714ad476df33299a8f4e09c2c203b4656dd77f8b73b7a4b67f1ae9d882
                                            • Instruction Fuzzy Hash: 27F0893AE0452497C720DEA6A80866FBFAAEB84711F0584FAF84DD3104DE744C414B81
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4654bacc8f8749883d3363c034c6415abcdf0f4e26684da55132dd84a3500c06
                                            • Instruction ID: ba72bb77debc11f7d34bf8db352b6ef876656b7d66de70ac55f7dba3eaaa0909
                                            • Opcode Fuzzy Hash: 4654bacc8f8749883d3363c034c6415abcdf0f4e26684da55132dd84a3500c06
                                            • Instruction Fuzzy Hash: 48F090719443209FCBB4AB96E548B7737E5BB847A5F06815AD406C7B94C720D8C2CF82
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a9541481d756cf7c1a9590c8091e352628a072e2bc7c9db7b48f7952993443b5
                                            • Instruction ID: b5d6dd049c4e94efa2834f935a4fc8ce913e1300ae4cf9d48dd47ffe9cae9387
                                            • Opcode Fuzzy Hash: a9541481d756cf7c1a9590c8091e352628a072e2bc7c9db7b48f7952993443b5
                                            • Instruction Fuzzy Hash: 2FF030312403059FCB10DF19D980E8BFBAEEFC4310F008A3AB5168B665DBB0E94D8790
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 89d8cbaa1c9ca39ca358055ae8058610700a377e79726a25d8f941156ac0f7f7
                                            • Instruction ID: 5b6aa3cc96c4f574aa6ab1dea4ef10d101215fe49904540b593fec369163a5ff
                                            • Opcode Fuzzy Hash: 89d8cbaa1c9ca39ca358055ae8058610700a377e79726a25d8f941156ac0f7f7
                                            • Instruction Fuzzy Hash: B201E434E04214CBCB18DF69D488A697FA5FB49320F0549A9D85AAB394DB30AC41CF41
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2be8fd83256116e4e49224c147a3f1077f5f0ce8ff6e31275986067ab6eba002
                                            • Instruction ID: f340667dac8355deebf18e04b0b05815a000bd7667e926c923d168d428e77aa8
                                            • Opcode Fuzzy Hash: 2be8fd83256116e4e49224c147a3f1077f5f0ce8ff6e31275986067ab6eba002
                                            • Instruction Fuzzy Hash: 84F05E353102009FC704DB29D458D2A7BAAEFC8721B1044A9F946CB770CA32EC42CB90
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a7a65ba109e86794ae5bcb457a3814e710f432b8ea00e38b5e2ad63119f960d8
                                            • Instruction ID: 08d865dcf1d6816d40348a251ba0b8069bce7c76b40e92003f0b559e4381d35a
                                            • Opcode Fuzzy Hash: a7a65ba109e86794ae5bcb457a3814e710f432b8ea00e38b5e2ad63119f960d8
                                            • Instruction Fuzzy Hash: 7BE04F717442286BD30C667E5C94B7BA98FEBC5B60F24883EA10DDB399CC66CC4503E4
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 39c643782389dc6dda53edf350d45196588e1ad188cfe2d9b74d8208d48849af
                                            • Instruction ID: f6c21cf9b18b7165622842511cbad2cecfe84079802971aec8f333574ed6fa36
                                            • Opcode Fuzzy Hash: 39c643782389dc6dda53edf350d45196588e1ad188cfe2d9b74d8208d48849af
                                            • Instruction Fuzzy Hash: EDF089729042189BDB15CB58D4997CDBFB9EB80315F188059E14ADB240EB741781C745
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 00212cece8ba5f52c25639d4de00252e827a05065a6636063f203aed6348203c
                                            • Instruction ID: aa0928e6447b4fbcc8f6c611ce3ff64a91335fc5a08e4f271303f9bdf4c59214
                                            • Opcode Fuzzy Hash: 00212cece8ba5f52c25639d4de00252e827a05065a6636063f203aed6348203c
                                            • Instruction Fuzzy Hash: EEE09B723002014FC711D629F985A8AFB9AEFC0325F14CE3AE0198B325DE74DD8E8790
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 513dd170f44809bf2cbfeeff6f048202c1f8e703147b6b946ad7fbd6d82279ac
                                            • Instruction ID: 584f1a8b70a5ff3fee40ab583c64ff8c8834025bfda41d066280b087f2864e50
                                            • Opcode Fuzzy Hash: 513dd170f44809bf2cbfeeff6f048202c1f8e703147b6b946ad7fbd6d82279ac
                                            • Instruction Fuzzy Hash: C6F03738E05258CFCB64DF64C888AD8BBB1FB49312F0045E9D80AAB380DB74AD81CF41
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 411dc8c9af3bd68b2000c043e3b75cb5d6a89d5e9d8f2351f79196bc60b9d015
                                            • Instruction ID: 617fc4e99979f85e521ba2e3699b753e74759ae77143ca5816155ac28a8077cd
                                            • Opcode Fuzzy Hash: 411dc8c9af3bd68b2000c043e3b75cb5d6a89d5e9d8f2351f79196bc60b9d015
                                            • Instruction Fuzzy Hash: 49F01D34E112158FDB14CF18C498A9DBBB1FB89310F2545D9D84ABB354CB30AD41CF10
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 65e08ae44cda118cb32092a88ec1a809130ec18707f1c3d461e752118c2fbbdb
                                            • Instruction ID: 1566084e8d7e6263b188dc7200310eaf705fb9502aa15965fbf73dedcec1de63
                                            • Opcode Fuzzy Hash: 65e08ae44cda118cb32092a88ec1a809130ec18707f1c3d461e752118c2fbbdb
                                            • Instruction Fuzzy Hash: 93F06531A04218AFDB19DB58D49D7DDFFBAEB84315F148095E10ADB240DF701A81C784
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 21eef444a2001af76d634233c660a708024ae253c9babf8929b5ddb0c0676902
                                            • Instruction ID: 591605f70d453f288effd4627772c8b4e1cd22cb49410a2080eec8236698edd1
                                            • Opcode Fuzzy Hash: 21eef444a2001af76d634233c660a708024ae253c9babf8929b5ddb0c0676902
                                            • Instruction Fuzzy Hash: 78F0F975A01658CFDB64CF14C884BA5B7B2BF4A312F0145E9E809AB791C7319E81CF52
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a97855bd448974d6302ac7518830b619e41604ba1339ae31125be1085951a895
                                            • Instruction ID: 6419c49f9bbde559fce96cbaff738a2b60e4bf099b3ad46cc35f5c4e82b32ae0
                                            • Opcode Fuzzy Hash: a97855bd448974d6302ac7518830b619e41604ba1339ae31125be1085951a895
                                            • Instruction Fuzzy Hash: A9E012312002055FC7119A1AE88484BFB9EEEC0364710C939E11A8B225DE74ED498790
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 79c7b160a74f3ae1b93c2103667d1691c86a92c711427a0f359cb083e94d22e8
                                            • Instruction ID: 73b9c6f4a9fd64b4355b55523b53ddcb619fed4a526d5ec4949f741299015137
                                            • Opcode Fuzzy Hash: 79c7b160a74f3ae1b93c2103667d1691c86a92c711427a0f359cb083e94d22e8
                                            • Instruction Fuzzy Hash: 6BE07D3D3443208FEB249562CC44B9033ABBB00312F5044EDC6098F3C0C671D840DB01
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 589f60c360760aaef6020a0eebdc5513e30bfcea5c1d4013796bc8fdaa9b48c2
                                            • Instruction ID: ac681a9f976b483c9c9c079b028d7f99c7c0f457c3278f81c0d33c05a25d9fc8
                                            • Opcode Fuzzy Hash: 589f60c360760aaef6020a0eebdc5513e30bfcea5c1d4013796bc8fdaa9b48c2
                                            • Instruction Fuzzy Hash: 62E048322482914FD702D724EC927857FB1FF45310F495A65D4C5CB957D720D44B9B51
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8b55ef91f6302adfd9c9ee92f0d3c1459ea7753239821e8d6a70340a102ecd2b
                                            • Instruction ID: fe5224bba7c7ec75fa35e6ff7613e0108fac1a8ae02d2d364bac59c429546bad
                                            • Opcode Fuzzy Hash: 8b55ef91f6302adfd9c9ee92f0d3c1459ea7753239821e8d6a70340a102ecd2b
                                            • Instruction Fuzzy Hash: C3E0EC76904209EBCF64CFB4D9856AEB7F8EB44305F2145BAD80AD7241EA32CA52CB51
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 89a3aad3b20d238eb137b9696186668ec28ac75ce1d7992f7853f71d0252e3d9
                                            • Instruction ID: 262f541e46d6386e5c7f81ba480d1fe2d4b7e9c912424f597fc51d321e50af47
                                            • Opcode Fuzzy Hash: 89a3aad3b20d238eb137b9696186668ec28ac75ce1d7992f7853f71d0252e3d9
                                            • Instruction Fuzzy Hash: 1ED01736A0520DEBCB10DEB4A9054AAB7ECEB09215B1005EA9C0EC3200EA32DE11DB91
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: df6f3d079aecf1a32ce1b440ef6c73e6ec336ab4186f9f0123252884342ebee0
                                            • Instruction ID: 8391bc6c1b03d4da832859f42aa1afce3df8ec7228de69f72690b0d3cd2fc5cd
                                            • Opcode Fuzzy Hash: df6f3d079aecf1a32ce1b440ef6c73e6ec336ab4186f9f0123252884342ebee0
                                            • Instruction Fuzzy Hash: 20D02B3834833497DA2465639C14BA1739FBF00721F5080EDD6094F2C1C5B1E840D750
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 45c886ffb2190f681c8af243d152b0eea91045e0175a6d197a9e15e006f0686c
                                            • Instruction ID: 3e9603f0f615761a13516070b147451912c275852466bf6e3efae3c363edb0b7
                                            • Opcode Fuzzy Hash: 45c886ffb2190f681c8af243d152b0eea91045e0175a6d197a9e15e006f0686c
                                            • Instruction Fuzzy Hash: AFE0EC3AA04120CBDF149B94D888ABE7FB6BB45305B0588DDFC86A7208DFB0DC11CB41
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 72067ad09f0d96e8b6415ea049b38b2bd4d24a7366f3763195cbf6a6bd62f64c
                                            • Instruction ID: 05e3ecfe8a527ed79bf94cd689fa9ee4f8bc9bcabad9fd2b151137b11a4725fe
                                            • Opcode Fuzzy Hash: 72067ad09f0d96e8b6415ea049b38b2bd4d24a7366f3763195cbf6a6bd62f64c
                                            • Instruction Fuzzy Hash: 09F09878A106148FDB24DF24EC5469EBBB1BF89312F0091E5D809A7390DB705E80CF00
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a6381df42024770841acb73281b5b252c2ac971e388ee7101b15d2fe6ca3d33b
                                            • Instruction ID: 25a9b96d87bd9c4d65b6b677a26f27d579503877147dbcbf3346985617d8c5c1
                                            • Opcode Fuzzy Hash: a6381df42024770841acb73281b5b252c2ac971e388ee7101b15d2fe6ca3d33b
                                            • Instruction Fuzzy Hash: 2CE01270B1020CEFEB04DFB5D99266DF7B9EF84200F5045A9D508DB244DE716F049B90
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • Opcode Fuzzy Hash: 72501201617008b986c6ecdf217939323aeef6e057a262a66a9af83cf13f23bc
                                            • Instruction Fuzzy Hash: CCB09232000308AB87009A88E848855BB69AB59700700C029B609061128B32A822DB99
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ebdfdb249b58218153963e37b2a5a61368744e76cb26e0baeb64348f9d28c3c1
                                            • Instruction ID: e3035e1df7ffdbc822d593d919369507016f68dfc9301ef73b291b06a96b9eaf
                                            • Opcode Fuzzy Hash: ebdfdb249b58218153963e37b2a5a61368744e76cb26e0baeb64348f9d28c3c1
                                            • Instruction Fuzzy Hash: 27B0123BB400199ACB00D6C8F4504ECFB30EBD4332F004033C300620008B31157AC760
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dbfe652a467b3316fb3eb32d4fcab1a329bcf6802272ea165067c8cb0d7deaee
                                            • Instruction ID: 934735e9c965bed55aca95eb7e945d8b9b50a9500379e263ef9d00c95a788ab4
                                            • Opcode Fuzzy Hash: dbfe652a467b3316fb3eb32d4fcab1a329bcf6802272ea165067c8cb0d7deaee
                                            • Instruction Fuzzy Hash: 86C09B315451168FDB14D711F945B557732BB45305F044171400516269C7705DC6CF81
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9f686124c0930a9a697251fef41440bb7e53d3155c42ef20ddd22ca5f01fbac6
                                            • Instruction ID: 2143d6c2bf8451430958fdaf006559ef95daaf8596ec427c6689aad084d8afe5
                                            • Opcode Fuzzy Hash: 9f686124c0930a9a697251fef41440bb7e53d3155c42ef20ddd22ca5f01fbac6
                                            • Instruction Fuzzy Hash: 7390223C08820C8B02002388380C000330CAA008003800000A00E020000A0020000280
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4164762152.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_53c0000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 167bf57d3b95ca4bced5215c1d7daa32db56ecf6ba07f677d1e8d65c9637d6a0
                                            • Instruction ID: e06c14907c314bac0852272fd33941c5cb116f40a1bf9958394b8dd196c07563
                                            • Opcode Fuzzy Hash: 167bf57d3b95ca4bced5215c1d7daa32db56ecf6ba07f677d1e8d65c9637d6a0
                                            • Instruction Fuzzy Hash: 49900235145B0C8B86507799B90D555775C9544D157800051A50D415056A5564205A9A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8725485302f654bc7a317d69c6bd3f933832ed05017eec76a116d57fce6fd6ed
                                            • Instruction ID: 30a0b5d883e969e7c4a695a2fadb6a6c4a0f024cf44a64f2d22146c361b9972e
                                            • Opcode Fuzzy Hash: 8725485302f654bc7a317d69c6bd3f933832ed05017eec76a116d57fce6fd6ed
                                            • Instruction Fuzzy Hash: 9190027205460C9B56402799780A595FB5CA544626B840051F60D859015E6564504A95
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c88d2d6935814cd207dd7110ed3d8c3677cedefff03c69cbe07a37361c15b2d3
                                            • Instruction ID: eac0ee706d5446e37af2d4f9657db0370958ab5ce435cd9a82a318b9f3450274
                                            • Opcode Fuzzy Hash: c88d2d6935814cd207dd7110ed3d8c3677cedefff03c69cbe07a37361c15b2d3
                                            • Instruction Fuzzy Hash: 9190023508564C8B875027D9740D595775C964452A7800451A54D425056A56646056D5
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fb93bc8a10585c7a286cf3e49c5276371687e97e9494679c1868c082b83a4988
                                            • Instruction ID: 1828058fe7079f7dd9ec593329ac2bf0522b210f11b2550214923c9ca3f78fa5
                                            • Opcode Fuzzy Hash: fb93bc8a10585c7a286cf3e49c5276371687e97e9494679c1868c082b83a4988
                                            • Instruction Fuzzy Hash: 65900222804020C6E3409064400976402C24354674F1A4571CD099B240E5195C035641
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166667016.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5720000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (bq$,bq
                                            • API String ID: 0-1616511919
                                            • Opcode ID: 80405f53a13a0dd0b08e84e78e569d0359ba917a44bbc3d3fe153ffeca099c5f
                                            • Instruction ID: 71fce47f736b969ab1620481564420b695bf4e1f8f04cb60d6eb2923bdf5df0a
                                            • Opcode Fuzzy Hash: 80405f53a13a0dd0b08e84e78e569d0359ba917a44bbc3d3fe153ffeca099c5f
                                            • Instruction Fuzzy Hash: C5D11A34A00614CFCB14DF69C584AAAB7F2FF88311F65C5A9E9169B362CB35EC81DB50
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: 48cabd88e10ecd3e4407f6f5739fbe7abd9c20b275823618194553f548db76d4
                                            • Instruction ID: 52e6458b6955f9982470637ddf4c0349723f3f9fc1a6fbdfd5131f14c2015ddf
                                            • Opcode Fuzzy Hash: 48cabd88e10ecd3e4407f6f5739fbe7abd9c20b275823618194553f548db76d4
                                            • Instruction Fuzzy Hash: 6C511C75A006548FDB1EEF7BF54479ABBE3BBD8204F14D529C0089B26CEB715909CB90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4'^q$4'^q
                                            • API String ID: 0-2697143702
                                            • Opcode ID: bfccb5b0d810eb47c32eb210492947a2baafea59250ba8f9e861400697f032c9
                                            • Instruction ID: 1a83c28e0d1eeb9d7b3f5005979522c628278f91c180b1a56667a5bd1051f1bf
                                            • Opcode Fuzzy Hash: bfccb5b0d810eb47c32eb210492947a2baafea59250ba8f9e861400697f032c9
                                            • Instruction Fuzzy Hash: 24511B75A006548FDB1EEF6BF54479ABBE3BBD8200F14D639C0089B26CEB745909CB90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: C^(
                                            • API String ID: 0-1208937167
                                            • Opcode ID: 109e3efd675d58b692b3c0ec3759099bc04877012d5c6856dfce0a4f71f7209f
                                            • Instruction ID: c69ae70629bad5c482524d3846a80697ccfc231523522056cedde5f1174dc593
                                            • Opcode Fuzzy Hash: 109e3efd675d58b692b3c0ec3759099bc04877012d5c6856dfce0a4f71f7209f
                                            • Instruction Fuzzy Hash: 4FC19E71E001298FCB55CBA9C880AAEFBF2FB89304F248669D455E7646D734ED42CF90
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166766868.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5730000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: \VSm
                                            • API String ID: 0-1782263414
                                            • Opcode ID: 15d9dfe3fa45c13bd78804ee1fd2c69a34f27da9e37ab9f23644653248709cc4
                                            • Instruction ID: aa554623a8fd225c9274a045c534a5a546ff3369c9d17037cef693b913d406b5
                                            • Opcode Fuzzy Hash: 15d9dfe3fa45c13bd78804ee1fd2c69a34f27da9e37ab9f23644653248709cc4
                                            • Instruction Fuzzy Hash: 0BB15E70E002198FDF14CFA9C8867ADBBF2BF88324F148529D815E7295EB749846DF81
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bdbf4938ed8a008716f8ac845190b695e8e45106a31507714849a635b259ed07
                                            • Instruction ID: dc2c50e0270f5f414b6b67db28794bf79e80e1940db7b3aff0687888e93538c5
                                            • Opcode Fuzzy Hash: bdbf4938ed8a008716f8ac845190b695e8e45106a31507714849a635b259ed07
                                            • Instruction Fuzzy Hash: B732AB7E60C3554BF717DA58DDD35ADBFA2AB4CA05BC082F5C0E1A6332D3649E828790
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d1a120bfc04c4bea95395ed569a20c31c390c9d3b4058840935946157324c2d3
                                            • Instruction ID: dbf7f5fb155bf3ca6fef47531bc1e0f9e0f11ac54449e71858ae9d1fc02aa5ec
                                            • Opcode Fuzzy Hash: d1a120bfc04c4bea95395ed569a20c31c390c9d3b4058840935946157324c2d3
                                            • Instruction Fuzzy Hash: 7922AA7E60C3554BF71BDA18DDE3579BFA2964CA05BC082F1C1E295332D3A85EC28390
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c1a8d2241301d54eb9a0d96fdeb282d6b606f775577cfe0510da071109e19769
                                            • Instruction ID: a80be19fea31134cc4158db679afb90351f808a297711ea2b6fec7d0db071e47
                                            • Opcode Fuzzy Hash: c1a8d2241301d54eb9a0d96fdeb282d6b606f775577cfe0510da071109e19769
                                            • Instruction Fuzzy Hash: 17129A7E60C3554BF71BDA19DEE3579BFA2964CA05BC082F1C1E295332D3A85EC28391
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9f94a3d9ea0f8d617baae6423ee3c187940aea7fe762469d380e11b5ecc0c5aa
                                            • Instruction ID: 0d832b590befd62041524aaa767ca49b220ea9494e1f885f7d86355ada075f2c
                                            • Opcode Fuzzy Hash: 9f94a3d9ea0f8d617baae6423ee3c187940aea7fe762469d380e11b5ecc0c5aa
                                            • Instruction Fuzzy Hash: 3712AA7E60C3554BF71BDA18DDE3579BFA2964CA05BC082F1C1E295332D3A85EC28391
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc44eb4c081f37f6cb1a3bc06c765194be161ca2c2204f9b5b7595b8ac65928f
                                            • Instruction ID: d52f1499fc9d2fbf72950a4d520687d82e55679aefaa8947be3f720be3a79b6e
                                            • Opcode Fuzzy Hash: dc44eb4c081f37f6cb1a3bc06c765194be161ca2c2204f9b5b7595b8ac65928f
                                            • Instruction Fuzzy Hash: 2512AA7E60C3554BF71BDA19DDE3579BFA2964CA05BC082F1C1E2A5332D3A85EC28391
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4792e20d9fd8bff19d5f6cd4799a00ef41f97f41daa0d022e38837be57ee8fe7
                                            • Instruction ID: 5475570ad571a109ec182d17f4bc7535c4a17b9c5ec2634fa888c116935f6cd7
                                            • Opcode Fuzzy Hash: 4792e20d9fd8bff19d5f6cd4799a00ef41f97f41daa0d022e38837be57ee8fe7
                                            • Instruction Fuzzy Hash: 9712AA7E60C3554BF71BDA58DDE3579BFA2964CA05BC082F1C1E2A5332D3A85EC28391
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b726528bdc866260af740387fbd8960db99a0cca78caf0868242b1c792ee8eb
                                            • Instruction ID: 51a0830e704277b284fa7ed1f0c8ad336d09c3f927bb15150d8edb52f82fa9a5
                                            • Opcode Fuzzy Hash: 9b726528bdc866260af740387fbd8960db99a0cca78caf0868242b1c792ee8eb
                                            • Instruction Fuzzy Hash: 9B12AA7E60C3554BF71BDA19DDE3579BFA2968CA05BC082F1C1E295332D3A85EC28391
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5a7069ccecd75ec2eb19e81626a6320d954636256005742772ee8faa9e00a76e
                                            • Instruction ID: 2261deeefe34440ecab1944752a4aaceec80addc6dcb3f129d0f58be79218565
                                            • Opcode Fuzzy Hash: 5a7069ccecd75ec2eb19e81626a6320d954636256005742772ee8faa9e00a76e
                                            • Instruction Fuzzy Hash: 9112AA7E60C3554BF71BDA19DDE3579BFA2964CA05BC082F1C1E295332D3A85EC28391
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3419f3408d15ca7006f09a453cfd616d4809589f7481b5faba2c4f3189bddf6c
                                            • Instruction ID: 7909be88e15b1f41b67af0e9b52af4a5c5e59ee06d4fa060470637499afb61e3
                                            • Opcode Fuzzy Hash: 3419f3408d15ca7006f09a453cfd616d4809589f7481b5faba2c4f3189bddf6c
                                            • Instruction Fuzzy Hash: 7A129A7E60C3554BF71BDA19DDE3579BFA2964CA05BC082F1C1E295332D3A85EC28391
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b1290db63842df81ec855434adecf96aa708f31647134cf63a29b1976b707b1d
                                            • Instruction ID: 083c3b53cd1fff0b1fd0da1f39d65e3c0ef1108aca53339e0166961363f2dc72
                                            • Opcode Fuzzy Hash: b1290db63842df81ec855434adecf96aa708f31647134cf63a29b1976b707b1d
                                            • Instruction Fuzzy Hash: 25129A7E60C3554BF71BDA19DDE3679BFA2964CA05BC082F1C1E295332D3A85EC28391
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4156447034.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_2c80000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 55c61c1e458b6a89be2e291c949cea9ffaae23327f7f886ceaafea5f3a1984c1
                                            • Instruction ID: b0ef579099a5618671c60eed0dcb28f3ebe6c10bbf881a13375e4e524ad7a2de
                                            • Opcode Fuzzy Hash: 55c61c1e458b6a89be2e291c949cea9ffaae23327f7f886ceaafea5f3a1984c1
                                            • Instruction Fuzzy Hash: E712AA7E60C3554BF71BDA19DDE3579BFA2964CA05BC082F1C1E2A5332D3A85EC28390
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4166240465.0000000005640000.00000040.00000800.00020000.00000000.sdmp, Offset: 05640000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5640000_RegAsm.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c8777a3a431e9d83cf070113cf7ab38e35815b468347123323432213518b0aa
                                            • Instruction ID: a59b23ac2ed24425649c906b2fe218de60994f0e126f49be1ca35294a320a3c7
                                            • Opcode Fuzzy Hash: 6c8777a3a431e9d83cf070113cf7ab38e35815b468347123323432213518b0aa
                                            • Instruction Fuzzy Hash: 72716C71E0452A8FDB54CFA9C881AAEFBF1FB88304F148229D415E7645D734E946CF90